Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
msvcp110.dll

Overview

General Information

Sample name:msvcp110.dll
Analysis ID:1525242
MD5:6abf44283ba0f54b3e091c37512dcf09
SHA1:eebc18868eb14a7db6af30ff24c86c23918643a7
SHA256:9d1c18432d75dcd0c0390109dc64971d95e46e323cd0fe3de69a4c404e45a5c3
Tags:dlluser-aachum
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign processes
LummaC encrypted strings found
Machine Learning detection for sample
Sample uses string decryption to hide its real strings
Writes to foreign memory regions
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to read the clipboard data
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • loaddll32.exe (PID: 7472 cmdline: loaddll32.exe "C:\Users\user\Desktop\msvcp110.dll" MD5: 51E6071F9CBA48E79F10C84515AAE618)
    • conhost.exe (PID: 7480 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 7524 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\msvcp110.dll",#1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • rundll32.exe (PID: 7548 cmdline: rundll32.exe "C:\Users\user\Desktop\msvcp110.dll",#1 MD5: 889B99C52A60DD49227C5E485A016679)
        • aspnet_regiis.exe (PID: 7584 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe" MD5: 5D1D74198D75640E889F0A577BBF31FC)
    • rundll32.exe (PID: 7532 cmdline: rundll32.exe C:\Users\user\Desktop\msvcp110.dll,GetGameData MD5: 889B99C52A60DD49227C5E485A016679)
      • aspnet_regiis.exe (PID: 7572 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe" MD5: 5D1D74198D75640E889F0A577BBF31FC)
    • rundll32.exe (PID: 7672 cmdline: rundll32.exe "C:\Users\user\Desktop\msvcp110.dll",GetGameData MD5: 889B99C52A60DD49227C5E485A016679)
      • aspnet_regiis.exe (PID: 7688 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe" MD5: 5D1D74198D75640E889F0A577BBF31FC)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["treatynreit.site", "snarlypagowo.site", "soldiefieop.site", "explorationmsn.stor", "mysterisop.site", "absorptioniw.site", "chorusarorp.site", "questionsmw.stor", "abnomalrkmu.site"], "Build id": "1AsNN2--7258599327"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
decrypted.memstrJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Suricata Signatures

    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-03T23:21:05.729774+020020546531A Network Trojan was detected192.168.2.449733172.67.214.93443TCP
    2024-10-03T23:21:05.971775+020020546531A Network Trojan was detected192.168.2.449732172.67.214.93443TCP
    2024-10-03T23:21:08.282237+020020546531A Network Trojan was detected192.168.2.449735172.67.214.93443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-03T23:21:05.729774+020020498361A Network Trojan was detected192.168.2.449733172.67.214.93443TCP
    2024-10-03T23:21:05.971775+020020498361A Network Trojan was detected192.168.2.449732172.67.214.93443TCP
    2024-10-03T23:21:08.282237+020020498361A Network Trojan was detected192.168.2.449735172.67.214.93443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-03T23:21:03.019015+020020563921Domain Observed Used for C2 Detected192.168.2.4603371.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-03T23:21:03.100040+020020563941Domain Observed Used for C2 Detected192.168.2.4497451.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-03T23:21:03.030766+020020563961Domain Observed Used for C2 Detected192.168.2.4622871.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-03T23:21:03.088272+020020564001Domain Observed Used for C2 Detected192.168.2.4568321.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-03T23:21:02.997034+020020564021Domain Observed Used for C2 Detected192.168.2.4623621.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-03T23:21:03.076728+020020564061Domain Observed Used for C2 Detected192.168.2.4503921.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-03T23:21:03.007803+020020564081Domain Observed Used for C2 Detected192.168.2.4491831.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-03T23:21:03.042680+020020564101Domain Observed Used for C2 Detected192.168.2.4579701.1.1.153UDP

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Antivirus detection for URL or domain
    Source: https://steamcommunity.com/profiles/76561199724331900URL Reputation: Label: malware
    Source: https://steamcommunity.com/profiles/76561199724331900/inventory/URL Reputation: Label: malware
    Found malware configuration
    Source: 6.2.aspnet_regiis.exe.400000.0.raw.unpackMalware Configuration Extractor: LummaC {"C2 url": ["treatynreit.site", "snarlypagowo.site", "soldiefieop.site", "explorationmsn.stor", "mysterisop.site", "absorptioniw.site", "chorusarorp.site", "questionsmw.stor", "abnomalrkmu.site"], "Build id": "1AsNN2--7258599327"}
    AI detected suspicious sample
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
    Machine Learning detection for sample
    Source: msvcp110.dllJoe Sandbox ML: detected
    Sample uses string decryption to hide its real strings
    Source: 00000006.00000002.1717357907.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: absorptioniw.site
    Source: 00000006.00000002.1717357907.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: mysterisop.site
    Source: 00000006.00000002.1717357907.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: snarlypagowo.site
    Source: 00000006.00000002.1717357907.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: treatynreit.site
    Source: 00000006.00000002.1717357907.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: chorusarorp.site
    Source: 00000006.00000002.1717357907.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: abnomalrkmu.site
    Source: 00000006.00000002.1717357907.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: soldiefieop.site
    Source: 00000006.00000002.1717357907.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: questionsmw.stor
    Source: 00000006.00000002.1717357907.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: explorationmsn.stor
    Source: 00000006.00000002.1717357907.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: lid=%s&j=%s&ver=4.0
    Source: 00000006.00000002.1717357907.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: TeslaBrowser/5.5
    Source: 00000006.00000002.1717357907.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: - Screen Resoluton:
    Source: 00000006.00000002.1717357907.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: - Physical Installed Memory:
    Source: 00000006.00000002.1717357907.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: Workgroup: -
    Source: 00000006.00000002.1717357907.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: 1AsNN2--7258599327
    Source: msvcp110.dllStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49731 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.214.93:443 -> 192.168.2.4:49732 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.214.93:443 -> 192.168.2.4:49733 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49734 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.214.93:443 -> 192.168.2.4:49735 version: TLS 1.2
    Source: msvcp110.dllStatic PE information: DYNAMIC_BASE, NX_COMPAT
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 64567875h5_2_00444040
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov dword ptr [esp+08h], ecx5_2_00401000
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov dword ptr [esp], 00000000h5_2_0041B000
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov word ptr [eax], dx5_2_004210D0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]5_2_0041508C
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov dword ptr [esp+50h], 00000000h5_2_0041508C
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h5_2_004480A0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]5_2_004300B0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp]5_2_00429140
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+00000688h]5_2_0041D1D0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h5_2_0041F1D6
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]5_2_0044518B
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov dword ptr [esp+18h], 3602043Ah5_2_0042F1B0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov word ptr [eax], cx5_2_00427250
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov word ptr [eax], cx5_2_00427250
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then movzx esi, byte ptr [edx+eax-01h]5_2_0040C210
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then movzx edx, word ptr [esp+eax*4+000000ACh]5_2_0040C210
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov dword ptr [esp+34h], edx5_2_004012F2
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov word ptr [edx], ax5_2_0042A280
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]5_2_00414294
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp]5_2_0042D295
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+24h]5_2_0042D295
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+20h]5_2_00416319
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [ebx], al5_2_00433335
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [edi], al5_2_00433335
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then dec ebx5_2_0043F3F0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then movzx ecx, word ptr [edi]5_2_0042A3A8
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+14h]5_2_0042A3A8
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov word ptr [eax], dx5_2_004214D3
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp]5_2_0042D4D4
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+24h]5_2_0042D4D4
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], D518DBA1h5_2_0043F4E0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], D1A85EEEh5_2_0043F4E0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov word ptr [eax], dx5_2_004214EA
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]5_2_00416574
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+24h]5_2_0042C510
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [edi], al5_2_00431670
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [edi], al5_2_00431670
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [edi], al5_2_00431670
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [edi], al5_2_00431670
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [edi], al5_2_00431670
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [ebx], al5_2_00431670
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [edi], al5_2_00431670
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+000000D0h]5_2_0041D672
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh5_2_00447630
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp al, 2Eh5_2_0042C6E1
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp]5_2_0042C6E1
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov ebx, eax5_2_0040A680
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov ebp, eax5_2_0040A680
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then movzx eax, word ptr [esi+ecx]5_2_004416A0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+000000D0h]5_2_0041D733
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]5_2_00416866
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+68h]5_2_00447820
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+04h]5_2_0042B830
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then xor eax, eax5_2_0042B830
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then jmp eax5_2_0042A8A0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [ebp-000000C0h]5_2_0040F917
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esi+08h]5_2_00412920
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esi+00000080h]5_2_00412920
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [ebx], al5_2_00412920
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then jmp dword ptr [00451A70h]5_2_0042E927
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then movzx ebx, byte ptr [edx]5_2_0043B9F0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+24h]5_2_0042DA0A
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh5_2_00449A10
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp byte ptr [ebp+ebx+00h], 00000000h5_2_0042DB4B
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then movzx edx, byte ptr [esi+edi]5_2_00404B50
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h5_2_00443B60
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then jmp dword ptr [0045042Ch]5_2_0041FB73
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]5_2_00446BE5
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov esi, ebx5_2_00448BE0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [ebx], al5_2_00433BFE
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [ebx], al5_2_00433BFE
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh5_2_00449BA0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+54h]5_2_0041FBB1
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h5_2_00420C4C
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]5_2_00446C5A
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then movzx edx, byte ptr [esi+ebx]5_2_00405C00
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+04h]5_2_0040FC00
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h5_2_00444C90
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 69F07BF2h5_2_00427D03
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp word ptr [ecx+edx+02h], 0000h5_2_00449D20
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh5_2_00449D20
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp eax, C0000004h5_2_0041DDFF
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp]5_2_00443DA0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp]5_2_0042EE40
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then jmp eax5_2_00415E11
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then movzx eax, byte ptr [ebx+edx-06h]5_2_00406E30
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then movzx esi, byte ptr [edx+ebp]5_2_00406E30
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov esi, ebx5_2_00448F50
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp]5_2_0040DFC0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+10h]5_2_0040DFC0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h5_2_00426FF0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [ebx], al5_2_00433F92
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [ebx], al5_2_00433F92
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov word ptr [eax], cx8_2_02527250
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov word ptr [eax], cx8_2_02527250
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then movzx esi, byte ptr [edx+eax-01h]8_2_0250C210
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then movzx edx, word ptr [esp+eax*4+000000ACh]8_2_0250C210
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov dword ptr [esp+34h], edx8_2_025012F2
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]8_2_02514294
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp]8_2_0252D295
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+24h]8_2_0252D295
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov word ptr [edx], ax8_2_0252A280
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+20h]8_2_02516319
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [ebx], al8_2_02533335
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [edi], al8_2_02533335
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then dec ebx8_2_0253F3F0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then movzx ecx, word ptr [edi]8_2_0252A3A8
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+14h]8_2_0252A3A8
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 64567875h8_2_02544040
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov dword ptr [esp], 00000000h8_2_0251B000
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov word ptr [eax], dx8_2_025210D0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]8_2_0251508C
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov dword ptr [esp+50h], 00000000h8_2_0251508C
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]8_2_025300B0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h8_2_025480A0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp]8_2_02529140
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+00000688h]8_2_0251D1D0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h8_2_0251F1D6
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]8_2_0254518B
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov dword ptr [esp+18h], 3602043Ah8_2_0252F1B0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [edi], al8_2_02531670
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [edi], al8_2_02531670
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [edi], al8_2_02531670
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [edi], al8_2_02531670
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [edi], al8_2_02531670
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [ebx], al8_2_02531670
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [edi], al8_2_02531670
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+000000D0h]8_2_0251D672
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh8_2_02547630
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp al, 2Eh8_2_0252C6E1
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp]8_2_0252C6E1
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov ebx, eax8_2_0250A680
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov ebp, eax8_2_0250A680
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then movzx eax, word ptr [esi+ecx]8_2_025416A0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+000000D0h]8_2_0251D733
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov word ptr [eax], dx8_2_025214D3
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp]8_2_0252D4D4
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+24h]8_2_0252D4D4
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], D518DBA1h8_2_0253F4E0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], D1A85EEEh8_2_0253F4E0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov word ptr [eax], dx8_2_025214EA
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]8_2_02516574
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+24h]8_2_0252C510
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh8_2_02549A10
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+24h]8_2_0252DA0A
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then movzx edx, byte ptr [esi+edi]8_2_02504B50
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp byte ptr [ebp+ebx+00h], 00000000h8_2_0252DB4B
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then jmp dword ptr [0255042Ch]8_2_0251FB73
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h8_2_02543B60
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then jmp edx8_2_02546B07
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [ebx], al8_2_02533BFE
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [ebx], al8_2_02533BFE
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]8_2_02546BE5
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov esi, ebx8_2_02548BE0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+54h]8_2_0251FBB1
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh8_2_02549BA0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]8_2_02516866
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+04h]8_2_0252B830
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then xor eax, eax8_2_0252B830
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+68h]8_2_02547820
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then jmp eax8_2_0252A8A0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [ebp-000000C0h]8_2_0250F917
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esi+08h]8_2_02512920
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esi+00000080h]8_2_02512920
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [ebx], al8_2_02512920
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then jmp dword ptr [02551A70h]8_2_0252E927
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then movzx ebx, byte ptr [edx]8_2_0253B9F0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp]8_2_0252EE40
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then jmp eax8_2_02515E11
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then movzx eax, byte ptr [ebx+edx-06h]8_2_02506E30
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then movzx esi, byte ptr [edx+ebp]8_2_02506E30
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov esi, ebx8_2_02548F50
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp]8_2_0250DFC0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+10h]8_2_0250DFC0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h8_2_02526FF0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [ebx], al8_2_02533F92
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [ebx], al8_2_02533F92
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]8_2_02546C5A
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h8_2_02520C4C
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then movzx edx, byte ptr [esi+ebx]8_2_02505C00
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+04h]8_2_0250FC00
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h8_2_02544C90
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 69F07BF2h8_2_02527D03
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp word ptr [ecx+edx+02h], 0000h8_2_02549D20
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh8_2_02549D20
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp eax, C0000004h8_2_0251DDFF
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp]8_2_02543DA0

    Networking

    barindex
    Suricata IDS alerts for network traffic
    Source: Network trafficSuricata IDS: 2056396 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (chorusarorp .site) : 192.168.2.4:62287 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056408 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (soldiefieop .site) : 192.168.2.4:49183 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056400 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mysterisop .site) : 192.168.2.4:56832 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056394 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (absorptioniw .site) : 192.168.2.4:49745 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056406 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (snarlypagowo .site) : 192.168.2.4:50392 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056410 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (treatynreit .site) : 192.168.2.4:57970 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056392 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (abnomalrkmu .site) : 192.168.2.4:60337 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056402 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (questionsmw .store) : 192.168.2.4:62362 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49733 -> 172.67.214.93:443
    Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49733 -> 172.67.214.93:443
    Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49732 -> 172.67.214.93:443
    Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49732 -> 172.67.214.93:443
    Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49735 -> 172.67.214.93:443
    Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49735 -> 172.67.214.93:443
    C2 URLs / IPs found in malware configuration
    Source: Malware configuration extractorURLs: treatynreit.site
    Source: Malware configuration extractorURLs: snarlypagowo.site
    Source: Malware configuration extractorURLs: soldiefieop.site
    Source: Malware configuration extractorURLs: explorationmsn.stor
    Source: Malware configuration extractorURLs: mysterisop.site
    Source: Malware configuration extractorURLs: absorptioniw.site
    Source: Malware configuration extractorURLs: chorusarorp.site
    Source: Malware configuration extractorURLs: questionsmw.stor
    Source: Malware configuration extractorURLs: abnomalrkmu.site
    Source: Joe Sandbox ViewIP Address: 104.102.49.254 104.102.49.254
    Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
    Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: beearvagueo.site
    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: beearvagueo.site
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: beearvagueo.site
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: aspnet_regiis.exe, 00000005.00000003.1704147443.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002DB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src ' equals www.youtube.com (Youtube)
    Source: aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=617cb025355d0c4f3fc3ac07; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type34832Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveThu, 03 Oct 2024 21:21:04 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Controlt equals www.youtube.com (Youtube)
    Source: aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: global trafficDNS traffic detected: DNS query: explorationmsn.store
    Source: global trafficDNS traffic detected: DNS query: questionsmw.store
    Source: global trafficDNS traffic detected: DNS query: soldiefieop.site
    Source: global trafficDNS traffic detected: DNS query: abnomalrkmu.site
    Source: global trafficDNS traffic detected: DNS query: chorusarorp.site
    Source: global trafficDNS traffic detected: DNS query: treatynreit.site
    Source: global trafficDNS traffic detected: DNS query: snarlypagowo.site
    Source: global trafficDNS traffic detected: DNS query: mysterisop.site
    Source: global trafficDNS traffic detected: DNS query: absorptioniw.site
    Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
    Source: global trafficDNS traffic detected: DNS query: beearvagueo.site
    Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: beearvagueo.site
    Source: aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704147443.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002DB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002D76000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719291371.0000000002E0D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000002.1717802982.0000000002AB2000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716469328.0000000002A17000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742528093.0000000002768000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002D76000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719291371.0000000002E0D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000002.1717802982.0000000002AB2000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716469328.0000000002A17000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742528093.0000000002768000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002D76000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719291371.0000000002E0D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000002.1717802982.0000000002AB2000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716469328.0000000002A17000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742528093.0000000002768000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
    Source: aspnet_regiis.exe, 00000008.00000002.1742325454.00000000026E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://abnomalrkmu.site/
    Source: aspnet_regiis.exe, 00000008.00000002.1742325454.00000000026E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://abnomalrkmu.site/P;
    Source: aspnet_regiis.exe, 00000008.00000002.1742325454.00000000026E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://absorptioniw.site/b
    Source: aspnet_regiis.exe, 00000008.00000002.1742325454.00000000026E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://absorptioniw.site/n
    Source: aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002D44000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://absorptioniw.site:443/api
    Source: aspnet_regiis.exe, 00000008.00000002.1742325454.00000000026E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://absorptioniw.site:443/apisorptioniw.site/R
    Source: aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002DB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
    Source: aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.steamstatic.co
    Source: aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
    Source: aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.steamstatic.cor
    Source: aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742325454.00000000026CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://beearvagueo.site/
    Source: aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://beearvagueo.site/$L
    Source: aspnet_regiis.exe, 00000006.00000002.1717761124.0000000002A60000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716469328.0000000002A54000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716655884.0000000002A5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://beearvagueo.site/2_
    Source: aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002DB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://beearvagueo.site/E
    Source: aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://beearvagueo.site/Gn
    Source: aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://beearvagueo.site/api
    Source: aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://beearvagueo.site/api3
    Source: aspnet_regiis.exe, 00000006.00000002.1717761124.0000000002A60000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716469328.0000000002A54000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716655884.0000000002A5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://beearvagueo.site/apioot0
    Source: aspnet_regiis.exe, 00000008.00000002.1742325454.00000000026E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://beearvagueo.site:443/apiofiles/76561199724331900
    Source: aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002D44000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://beearvagueo.site:443/apisslc
    Source: aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704147443.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002DB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
    Source: aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704147443.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002DB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
    Source: aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704147443.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002DB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
    Source: aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steam
    Source: aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002DB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002D76000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716469328.0000000002A17000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&a
    Source: aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAc
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
    Source: aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=englis
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002D76000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716469328.0000000002A17000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002D76000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719291371.0000000002E0D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000002.1717802982.0000000002AB2000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000002.1717568467.0000000002A0D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742528093.0000000002768000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002D76000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716469328.0000000002A17000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002D76000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716469328.0000000002A17000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=2ZRoxzol
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002D76000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716469328.0000000002A17000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=HLoW
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
    Source: aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=24Mgahw2gQy5&l=e
    Source: aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
    Source: aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/m
    Source: aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
    Source: aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
    Source: aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered
    Source: aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704147443.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002DB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
    Source: aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704147443.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002DB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
    Source: aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704147443.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002DB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
    Source: aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
    Source: aspnet_regiis.exe, 00000008.00000002.1742325454.00000000026E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mysterisop.site/
    Source: aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002D44000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mysterisop.site:443/api0u
    Source: aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
    Source: aspnet_regiis.exe, 00000008.00000002.1742325454.00000000026E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://questionsmw.store/
    Source: aspnet_regiis.exe, 00000008.00000002.1742325454.00000000026E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://questionsmw.store/P
    Source: aspnet_regiis.exe, 00000008.00000002.1742325454.00000000026E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://questionsmw.store/p
    Source: aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704147443.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002DB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
    Source: aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
    Source: aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704147443.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002DB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
    Source: aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
    Source: aspnet_regiis.exe, 00000008.00000002.1742325454.00000000026A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://soldiefieop.site/p
    Source: aspnet_regiis.exe, 00000008.00000002.1742325454.00000000026A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://soldiefieop.site/x
    Source: aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704147443.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002DB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
    Source: aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704147443.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002DB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
    Source: aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704147443.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002DB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
    Source: aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704147443.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002DB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
    Source: aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742325454.00000000026E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002D76000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719291371.0000000002E0D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000002.1717802982.0000000002AB2000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716469328.0000000002A17000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742528093.0000000002768000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
    Source: aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
    Source: aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002D63000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000002.1717568467.00000000029F7000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742325454.00000000026E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002D76000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000002.1717634923.0000000002A18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716469328.0000000002A17000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002D76000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719291371.0000000002E0D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000002.1717568467.0000000002A0D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742528093.0000000002768000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
    Source: aspnet_regiis.exe, 00000006.00000002.1717568467.00000000029F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900GW0v
    Source: aspnet_regiis.exe, 00000008.00000002.1742325454.00000000026CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900wcX
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
    Source: aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002D44000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
    Source: aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
    Source: aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
    Source: aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f
    Source: aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002D76000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719291371.0000000002E0D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000002.1717802982.0000000002AB2000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716469328.0000000002A17000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742528093.0000000002768000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
    Source: aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704147443.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002DB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
    Source: aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704147443.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002DB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
    Source: aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704147443.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002DB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
    Source: aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
    Source: aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704147443.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002DB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
    Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
    Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49731 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.214.93:443 -> 192.168.2.4:49732 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.214.93:443 -> 192.168.2.4:49733 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49734 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.214.93:443 -> 192.168.2.4:49735 version: TLS 1.2
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_00438660 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,5_2_00438660
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_00438660 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,5_2_00438660
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_004101A05_2_004101A0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_00446DCB5_2_00446DCB
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_004010005_2_00401000
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_004070205_2_00407020
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0041508C5_2_0041508C
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_004480A05_2_004480A0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_004221A05_2_004221A0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_004442405_2_00444240
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0040B2705_2_0040B270
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0040C2105_2_0040C210
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_004382105_2_00438210
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_004432E05_2_004432E0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_004012F25_2_004012F2
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0042D2955_2_0042D295
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0040937E5_2_0040937E
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_004053205_2_00405320
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_004073D05_2_004073D0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0040138D5_2_0040138D
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0042A3A85_2_0042A3A8
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_004284725_2_00428472
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0042D4D45_2_0042D4D4
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0042C5105_2_0042C510
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_004365E05_2_004365E0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_004015895_2_00401589
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_004305905_2_00430590
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_004316705_2_00431670
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0042C6E15_2_0042C6E1
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_004486E05_2_004486E0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0040A6805_2_0040A680
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0040B7005_2_0040B700
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_004037805_2_00403780
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_004368205_2_00436820
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0042B8305_2_0042B830
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0043F8E05_2_0043F8E0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0042E9275_2_0042E927
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0042DB4B5_2_0042DB4B
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_00411B505_2_00411B50
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0040ABD05_2_0040ABD0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_00448BE05_2_00448BE0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_00447BE05_2_00447BE0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0043EC605_2_0043EC60
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_00407DD05_2_00407DD0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0041DDFF5_2_0041DDFF
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0040CF105_2_0040CF10
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_025101A08_2_025101A0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_02546DCB8_2_02546DCB
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_025442408_2_02544240
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_0250B2708_2_0250B270
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_0250C2108_2_0250C210
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_025382108_2_02538210
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_025012F28_2_025012F2
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_025432E08_2_025432E0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_0252D2958_2_0252D295
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_0250937E8_2_0250937E
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_025053208_2_02505320
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_025073D08_2_025073D0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_025013928_2_02501392
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_0252A3A88_2_0252A3A8
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_025010008_2_02501000
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_025280398_2_02528039
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_025070208_2_02507020
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_0251508C8_2_0251508C
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_025480A08_2_025480A0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_025221A08_2_025221A0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_025316708_2_02531670
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_0252C6E18_2_0252C6E1
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_025486E08_2_025486E0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_0250A6808_2_0250A680
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_0250B7008_2_0250B700
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_025037808_2_02503780
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_025284728_2_02528472
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_0252D4D48_2_0252D4D4
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_0252C5108_2_0252C510
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_025365E08_2_025365E0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_025305908_2_02530590
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_0250158E8_2_0250158E
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_02511B508_2_02511B50
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_0252DB4B8_2_0252DB4B
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_0250ABD08_2_0250ABD0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_02548BE08_2_02548BE0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_02547BE08_2_02547BE0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_0252B8308_2_0252B830
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_025368208_2_02536820
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_0253F8E08_2_0253F8E0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_0252E9278_2_0252E927
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_0250CF108_2_0250CF10
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_0253EC608_2_0253EC60
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_02507DD08_2_02507DD0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 8_2_0251DDFF8_2_0251DDFF
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: String function: 0250EBD0 appears 171 times
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: String function: 0040EBD0 appears 171 times
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: String function: 0250CCF0 appears 51 times
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: String function: 0040CCF0 appears 51 times
    Source: msvcp110.dllStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL
    Source: classification engineClassification label: mal100.troj.evad.winDLL@16/0@11/2
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_00437557 CoCreateInstance,5_2_00437557
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7480:120:WilError_03
    Source: msvcp110.dllStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Windows\System32\loaddll32.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\msvcp110.dll,GetGameData
    Source: unknownProcess created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\msvcp110.dll"
    Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\msvcp110.dll",#1
    Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\msvcp110.dll,GetGameData
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\msvcp110.dll",#1
    Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
    Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
    Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\msvcp110.dll",GetGameData
    Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
    Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\msvcp110.dll",#1Jump to behavior
    Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\msvcp110.dll,GetGameDataJump to behavior
    Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\msvcp110.dll",GetGameDataJump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\msvcp110.dll",#1Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"Jump to behavior
    Source: C:\Windows\System32\loaddll32.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Windows\System32\loaddll32.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: webio.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: dpapi.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: webio.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: dpapi.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: webio.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: dpapi.dllJump to behavior
    Source: msvcp110.dllStatic PE information: DYNAMIC_BASE, NX_COMPAT
    Source: msvcp110.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0044ED93 push edx; ret 5_2_0044ED9B
    Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe TID: 7596Thread sleep time: -60000s >= -30000sJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe TID: 7612Thread sleep time: -30000s >= -30000sJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe TID: 7708Thread sleep time: -30000s >= -30000sJump to behavior
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 120000Jump to behavior
    Source: aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002DB5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWC`
    Source: aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002D3C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716469328.0000000002A54000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000002.1717568467.0000000002A0D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000002.1717694869.0000000002A54000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742325454.00000000026BD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002704000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002704000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWa
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_00446170 LdrInitializeThunk,5_2_00446170

    HIPS / PFW / Operating System Protection Evasion

    barindex
    Allocates memory in foreign processes
    Source: C:\Windows\SysWOW64\rundll32.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 400000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 400000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 2500000 protect: page execute and read and writeJump to behavior
    Injects a PE file into a foreign processes
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 400000 value starts with: 4D5AJump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 400000 value starts with: 4D5AJump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 2500000 value starts with: 4D5AJump to behavior
    LummaC encrypted strings found
    Source: aspnet_regiis.exeString found in binary or memory: chorusarorp.site
    Source: aspnet_regiis.exeString found in binary or memory: abnomalrkmu.site
    Source: aspnet_regiis.exeString found in binary or memory: soldiefieop.site
    Source: aspnet_regiis.exeString found in binary or memory: questionsmw.stor
    Source: aspnet_regiis.exeString found in binary or memory: explorationmsn.stor
    Source: aspnet_regiis.exeString found in binary or memory: absorptioniw.site
    Source: aspnet_regiis.exeString found in binary or memory: mysterisop.site
    Source: aspnet_regiis.exeString found in binary or memory: snarlypagowo.site
    Source: aspnet_regiis.exeString found in binary or memory: treatynreit.site
    Writes to foreign memory regions
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 400000Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 401000Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 44B000Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 44E000Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 45E000Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 28A3008Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 400000Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 401000Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 44B000Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 44E000Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 45E000Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 271B008Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 2500000Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 2501000Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 254B000Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 254E000Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 255E000Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 2263008Jump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\msvcp110.dll",#1Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"Jump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

    Stealing of Sensitive Information

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
    PowerShell    		1
    DLL Side-Loading    		311
    Process Injection    		11
    Virtualization/Sandbox Evasion    		OS Credential Dumping1
    Security Software Discovery    		Remote Services1
    Archive Collected Data    		11
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
    DLL Side-Loading    		311
    Process Injection    		LSASS Memory11
    Virtualization/Sandbox Evasion    		Remote Desktop Protocol2
    Clipboard Data    		1
    Ingress Tool Transfer    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)11
    Deobfuscate/Decode Files or Information    		Security Account Manager2
    System Information Discovery    		SMB/Windows Admin SharesData from Network Shared Drive3
    Non-Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook3
    Obfuscated Files or Information    		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture114
    Application Layer Protocol    		Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
    Rundll32    		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
    DLL Side-Loading    		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet
    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1525242 Sample: msvcp110.dll Startdate: 03/10/2024 Architecture: WINDOWS Score: 100 30 treatynreit.site 2->30 32 soldiefieop.site 2->32 34 9 other IPs or domains 2->34 40 Suricata IDS alerts for network traffic 2->40 42 Found malware configuration 2->42 44 Antivirus detection for URL or domain 2->44 46 6 other signatures 2->46 9 loaddll32.exe 1 2->9         started        signatures3 process4 process5 11 rundll32.exe 9->11         started        14 cmd.exe 1 9->14         started        16 rundll32.exe 9->16         started        18 conhost.exe 9->18         started        signatures6 54 Writes to foreign memory regions 11->54 56 Allocates memory in foreign processes 11->56 58 Injects a PE file into a foreign processes 11->58 20 aspnet_regiis.exe 11->20         started        23 rundll32.exe 14->23         started        26 aspnet_regiis.exe 16->26         started        process7 dnsIp8 36 beearvagueo.site 172.67.214.93, 443, 49732, 49733 CLOUDFLARENETUS United States 20->36 38 steamcommunity.com 104.102.49.254, 443, 49730, 49731 AKAMAI-ASUS United States 20->38 48 Writes to foreign memory regions 23->48 50 Allocates memory in foreign processes 23->50 52 Injects a PE file into a foreign processes 23->52 28 aspnet_regiis.exe 23->28         started        signatures9 process10

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    msvcp110.dll100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    SourceDetectionScannerLabelLink
    https://player.vimeo.com0%URL Reputationsafe
    https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f0%URL Reputationsafe
    https://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://www.gstatic.cn/recaptcha/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af60%URL Reputationsafe
    http://www.valvesoftware.com/legal.htm0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&0%URL Reputationsafe
    https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL0%URL Reputationsafe
    https://steam.tv/0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900100%URL Reputationmalware
    https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english0%URL Reputationsafe
    http://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://store.steampowered.com/points/shop/0%URL Reputationsafe
    https://lv.queniujq.cn0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900/inventory/100%URL Reputationmalware
    https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg0%URL Reputationsafe
    https://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt00%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am0%URL Reputationsafe
    https://checkout.steampowered.com/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC0%URL Reputationsafe
    https://store.steampowered.com/;0%URL Reputationsafe
    https://store.steampowered.com/about/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english0%URL Reputationsafe
    https://help.steampowered.com/en/0%URL Reputationsafe
    https://store.steampowered.com/news/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/0%URL Reputationsafe
    http://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r10%URL Reputationsafe
    https://recaptcha.net/recaptcha/;0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en0%URL Reputationsafe
    https://store.steampowered.com/stats/0%URL Reputationsafe
    https://medal.tv0%URL Reputationsafe
    https://broadcast.st.dl.eccdnx.com0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=10%URL Reputationsafe
    https://store.steampowered.com/steam_refunds/0%URL Reputationsafe
    https://login.steampowered.com/0%URL Reputationsafe
    https://store.steampowered.com/legal/0%URL Reputationsafe

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    steamcommunity.com
    		104.102.49.254
    		truefalse
      		unknown
      beearvagueo.site
      		172.67.214.93
      		truetrue
        		unknown
        chorusarorp.site
        		unknown
        		unknowntrue
          		unknown
          treatynreit.site
          		unknown
          		unknowntrue
            		unknown
            snarlypagowo.site
            		unknown
            		unknowntrue
              		unknown
              questionsmw.store
              		unknown
              		unknownfalse
                		unknown
                mysterisop.site
                		unknown
                		unknowntrue
                  		unknown
                  absorptioniw.site
                  		unknown
                  		unknowntrue
                    		unknown
                    abnomalrkmu.site
                    		unknown
                    		unknowntrue
                      		unknown
                      soldiefieop.site
                      		unknown
                      		unknowntrue
                        		unknown
                        explorationmsn.store
                        		unknown
                        		unknownfalse
                          		unknown

                          Contacted URLs

                          NameMaliciousAntivirus DetectionReputation
                          abnomalrkmu.sitetrue
                            		unknown
                            absorptioniw.sitetrue
                              		unknown
                              treatynreit.sitetrue
                                		unknown
                                https://steamcommunity.com/profiles/76561199724331900true
                                • URL Reputation: malware
                                		unknown
                                questionsmw.stortrue
                                  		unknown
                                  snarlypagowo.sitetrue
                                    		unknown
                                    chorusarorp.sitetrue
                                      		unknown

                                      URLs from Memory and Binaries

                                      NameSourceMaliciousAntivirus DetectionReputation
                                      https://player.vimeo.comaspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      https://absorptioniw.site:443/apisorptioniw.site/Raspnet_regiis.exe, 00000008.00000002.1742325454.00000000026E6000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		unknown
                                        https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&ampaspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		unknown
                                          https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5faspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://beearvagueo.site/2_aspnet_regiis.exe, 00000006.00000002.1717761124.0000000002A60000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716469328.0000000002A54000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716655884.0000000002A5F000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		unknown
                                            https://steamcommunity.com/?subsection=broadcastsaspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		unknown
                                              https://beearvagueo.site:443/apisslcaspnet_regiis.exe, 00000005.00000002.1719074581.0000000002D44000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		unknown
                                                https://store.steampowered.com/subscriber_agreement/aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://www.gstatic.cn/recaptcha/aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704147443.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002DB5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002D76000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716469328.0000000002A17000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://questionsmw.store/paspnet_regiis.exe, 00000008.00000002.1742325454.00000000026E6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  http://www.valvesoftware.com/legal.htmaspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://beearvagueo.site/apioot0aspnet_regiis.exe, 00000006.00000002.1717761124.0000000002A60000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716469328.0000000002A54000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716655884.0000000002A5F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    https://www.youtube.comaspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      https://absorptioniw.site/naspnet_regiis.exe, 00000008.00000002.1742325454.00000000026E6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		unknown
                                                        https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&ampaspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngaspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        https://www.google.comaspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		unknown
                                                          https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pngaspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          https://soldiefieop.site/xaspnet_regiis.exe, 00000008.00000002.1742325454.00000000026A7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		unknown
                                                            https://abnomalrkmu.site/aspnet_regiis.exe, 00000008.00000002.1742325454.00000000026E6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedbackaspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://soldiefieop.site/paspnet_regiis.exe, 00000008.00000002.1742325454.00000000026A7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		unknown
                                                                https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=2ZRoxzolaspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002D76000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716469328.0000000002A17000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		unknown
                                                                  https://abnomalrkmu.site/P;aspnet_regiis.exe, 00000008.00000002.1742325454.00000000026E6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		unknown
                                                                    https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tLaspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    https://s.ytimg.com;aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704147443.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002DB5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		unknown
                                                                      https://help.steampoweredaspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		unknown
                                                                        https://steam.tv/aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704147443.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002DB5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=englishaspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        http://store.steampowered.com/privacy_agreement/aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002D76000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719291371.0000000002E0D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000002.1717802982.0000000002AB2000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716469328.0000000002A17000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742528093.0000000002768000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        https://beearvagueo.site/api3aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		unknown
                                                                          https://steamcommunity.com:443/profiles/76561199724331900aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002D44000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		unknown
                                                                            https://avatars.akamai.steamstatic.coraspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		unknown
                                                                              https://store.steampowered.com/points/shop/aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=englisaspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		unknown
                                                                                https://sketchfab.comaspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		unknown
                                                                                  https://lv.queniujq.cnaspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704147443.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002DB5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://mysterisop.site:443/api0uaspnet_regiis.exe, 00000005.00000002.1719074581.0000000002D44000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		unknown
                                                                                    https://steamcommunity.com/profiles/76561199724331900/inventory/aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002D76000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719291371.0000000002E0D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000002.1717568467.0000000002A0D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742528093.0000000002768000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                    • URL Reputation: malware
                                                                                    		unknown
                                                                                    https://www.youtube.com/aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704147443.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002DB5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		unknown
                                                                                      https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&aaspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002D76000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716469328.0000000002A17000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		unknown
                                                                                        https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpgaspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        		unknown
                                                                                        https://store.steampowered.com/privacy_agreement/aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        		unknown
                                                                                        https://absorptioniw.site:443/apiaspnet_regiis.exe, 00000005.00000002.1719074581.0000000002D44000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		unknown
                                                                                          https://beearvagueo.site:443/apiofiles/76561199724331900aspnet_regiis.exe, 00000008.00000002.1742325454.00000000026E6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		unknown
                                                                                            https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=enaspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		unknown
                                                                                              https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              		unknown
                                                                                              https://beearvagueo.site/Easpnet_regiis.exe, 00000005.00000002.1719074581.0000000002DB5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		unknown
                                                                                                https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&amaspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                		unknown
                                                                                                https://absorptioniw.site/baspnet_regiis.exe, 00000008.00000002.1742325454.00000000026E6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		unknown
                                                                                                  https://www.google.com/recaptcha/aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704147443.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002DB5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		unknown
                                                                                                    https://checkout.steampowered.com/aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704147443.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002DB5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    		unknown
                                                                                                    https://questionsmw.store/aspnet_regiis.exe, 00000008.00000002.1742325454.00000000026E6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		unknown
                                                                                                      https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=englishaspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		unknown
                                                                                                        https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=englishaspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        https://beearvagueo.site/aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742325454.00000000026CE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          		unknown
                                                                                                          https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.pngaspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          		unknown
                                                                                                          https://questionsmw.store/Paspnet_regiis.exe, 00000008.00000002.1742325454.00000000026E6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		unknown
                                                                                                            https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englisaspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		unknown
                                                                                                              https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhCaspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                		unknown
                                                                                                                https://store.steampowered.com/;aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                https://store.steampowered.com/about/aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                https://steamcommunity.com/my/wishlist/aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  		unknown
                                                                                                                  https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=englishaspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  		unknown
                                                                                                                  https://help.steampowered.com/en/aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  		unknown
                                                                                                                  https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704147443.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002DB5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		unknown
                                                                                                                    https://mysterisop.site/aspnet_regiis.exe, 00000008.00000002.1742325454.00000000026E6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		unknown
                                                                                                                      https://steamcommunity.com/market/aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        		unknown
                                                                                                                        https://store.steampowered.com/news/aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        		unknown
                                                                                                                        https://community.akamai.steamstatic.com/aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002DB5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        		unknown
                                                                                                                        https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=24Mgahw2gQy5&l=easpnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          		unknown
                                                                                                                          https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=HLoWaspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002D76000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716469328.0000000002A17000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            		unknown
                                                                                                                            http://store.steampowered.com/subscriber_agreement/aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002D76000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719291371.0000000002E0D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000002.1717802982.0000000002AB2000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716469328.0000000002A17000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742528093.0000000002768000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            		unknown
                                                                                                                            https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgaspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002D76000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719291371.0000000002E0D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000002.1717802982.0000000002AB2000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716469328.0000000002A17000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742528093.0000000002768000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		unknown
                                                                                                                              https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              • URL Reputation: safe
                                                                                                                              		unknown
                                                                                                                              https://recaptcha.net/recaptcha/;aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              • URL Reputation: safe
                                                                                                                              		unknown
                                                                                                                              https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=enaspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              • URL Reputation: safe
                                                                                                                              		unknown
                                                                                                                              https://steamcommunity.com/discussions/aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                		unknown
                                                                                                                                https://store.steampowered.com/stats/aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                • URL Reputation: safe
                                                                                                                                		unknown
                                                                                                                                https://medal.tvaspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                • URL Reputation: safe
                                                                                                                                		unknown
                                                                                                                                https://broadcast.st.dl.eccdnx.comaspnet_regiis.exe, 00000005.00000003.1704237415.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704147443.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002DB5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                • URL Reputation: safe
                                                                                                                                		unknown
                                                                                                                                https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002D76000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719291371.0000000002E0D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000002.1717802982.0000000002AB2000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000002.1717568467.0000000002A0D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742528093.0000000002768000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                • URL Reputation: safe
                                                                                                                                		unknown
                                                                                                                                https://store.steampowered.com/steam_refunds/aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                • URL Reputation: safe
                                                                                                                                		unknown
                                                                                                                                https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  		unknown
                                                                                                                                  https://beearvagueo.site/Gnaspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    		unknown
                                                                                                                                    https://steamcommunity.com/profiles/76561199724331900GW0vaspnet_regiis.exe, 00000006.00000002.1717568467.00000000029F7000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                      		unknown
                                                                                                                                      https://steamcommunity.com/workshop/aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        		unknown
                                                                                                                                        https://community.akamai.steamaspnet_regiis.exe, 00000008.00000003.1741919459.0000000002714000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742435747.0000000002714000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          		unknown
                                                                                                                                          https://login.steampowered.com/aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704147443.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719074581.0000000002DB5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          • URL Reputation: safe
                                                                                                                                          		unknown
                                                                                                                                          https://store.steampowered.com/legal/aspnet_regiis.exe, 00000005.00000003.1718785412.0000000002E05000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DF9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1704237415.0000000002D76000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1719291371.0000000002E0D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703114798.0000000002DC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1703924710.0000000002DFF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000002.1717802982.0000000002AB2000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1703540719.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716369945.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716469328.0000000002A17000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1716440538.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1742528093.0000000002768000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1741891451.000000000275C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          • URL Reputation: safe
                                                                                                                                          		unknown

                                                                                                                                          World Map of Contacted IPs

                                                                                                                                          • No. of IPs < 25%
                                                                                                                                          • 25% < No. of IPs < 50%
                                                                                                                                          • 50% < No. of IPs < 75%
                                                                                                                                          • 75% < No. of IPs

                                                                                                                                          Public IPs

                                                                                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                          104.102.49.254
                                                                                                                                          		steamcommunity.comUnited States
                                                                                                                                          		16625AKAMAI-ASUSfalse
                                                                                                                                          172.67.214.93
                                                                                                                                          		beearvagueo.siteUnited States
                                                                                                                                          		13335CLOUDFLARENETUStrue

                                                                                                                                          General Information

                                                                                                                                          Joe Sandbox version:41.0.0 Charoite
                                                                                                                                          Analysis ID:1525242
                                                                                                                                          Start date and time:2024-10-03 23:20:09 +02:00
                                                                                                                                          Joe Sandbox product:CloudBasic
                                                                                                                                          Overall analysis duration:0h 3m 28s
                                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                                          Report type:full
                                                                                                                                          Cookbook file name:default.jbs
                                                                                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                          Number of analysed new started processes analysed:9
                                                                                                                                          Number of new started drivers analysed:0
                                                                                                                                          Number of existing processes analysed:0
                                                                                                                                          Number of existing drivers analysed:0
                                                                                                                                          Number of injected processes analysed:0
                                                                                                                                          Technologies:
                                                                                                                                          • HCA enabled
                                                                                                                                          • EGA enabled
                                                                                                                                          • AMSI enabled
                                                                                                                                          Analysis Mode:default
                                                                                                                                          Analysis stop reason:Timeout
                                                                                                                                          Sample name:msvcp110.dll
                                                                                                                                          Detection:MAL
                                                                                                                                          Classification:mal100.troj.evad.winDLL@16/0@11/2
                                                                                                                                          EGA Information:
                                                                                                                                          • Successful, ratio: 100%
                                                                                                                                          HCA Information:
                                                                                                                                          • Successful, ratio: 93%
                                                                                                                                          • Number of executed functions: 17
                                                                                                                                          • Number of non-executed functions: 104
                                                                                                                                          Cookbook Comments:
                                                                                                                                          • Found application associated with file extension: .dll
                                                                                                                                          • Stop behavior analysis, all processes terminated

                                                                                                                                          Warnings

                                                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                          • VT rate limit hit for: msvcp110.dll

                                                                                                                                          Simulations

                                                                                                                                          Behavior and APIs

                                                                                                                                          TimeTypeDescription
                                                                                                                                          17:21:01API Interceptor7x Sleep call for process: aspnet_regiis.exe modified
                                                                                                                                          17:21:04API Interceptor1x Sleep call for process: loaddll32.exe modified

                                                                                                                                          Joe Sandbox View / Context

                                                                                                                                          IPs

                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                          104.102.49.254http://gtm-cn-j4g3qqvf603.steamproxy1.com/Get hashmaliciousUnknownBrowse
                                                                                                                                          • www.valvesoftware.com/legal.htm
                                                                                                                                          172.67.214.93msvcp110.dllGet hashmaliciousLummaCBrowse
                                                                                                                                            http://tebakbola.infoGet hashmaliciousHTMLPhisherBrowse

                                                                                                                                              Domains

                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                              beearvagueo.sitemsvcp110.dllGet hashmaliciousLummaCBrowse
                                                                                                                                              • 172.67.214.93
                                                                                                                                              steamcommunity.commsvcp110.dllGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              carrier_ratecon.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 23.192.247.89
                                                                                                                                              c84f2f8df965727bcdcc4de6beecf70c960ef7c885e77.dllGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              0a839761915d.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              Activator by URKE v2.5.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              file.exeGet hashmaliciousVidarBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              RD4ttmm3bO.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.102.49.254

                                                                                                                                              ASNs

                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                              CLOUDFLARENETUSmsvcp110.dllGet hashmaliciousLummaCBrowse
                                                                                                                                              • 172.67.214.93
                                                                                                                                              https://www.google.se/url?q=xtcjw2geVaKWnfmdoGJR&rct=plPBlHNa5kwdhss6Wkqp&sa=t&esrc=513lj8JvP7Ittpg5uakw&source=&cd=HEdeaS5QG8iPRKWBvNC5&cad=v3vi70ntSK6fhpPYoZj8&ved=blJ54Mupbf2HcJbicYcQ&uact=&url=amp/s/link.mail.beehiiv.com/ss/c/u001.mtSAz3_WgZe6oQdiJX3I5Wky17Shk-m8xsMoltULMS3mzuBnL-QM9pVTUTxyWc1WyOovmb3Tk3NbIL2d2EAiLnALFxIwpw4Ea5BJnfNlGtrBBU_09OdOyxWIoH5OGk5krozZGyDG04GwV1A1i62V7ZHAsHD2HuXxLRbuTLwJ7nne5OoBikrWbP09wdmrU0Ux1PwQTxWW-4WqOLqDM-eOzn5OS5dc9AC-zsZGTpLU68lyIxLrcGUjprs01qDo_AF9kArbtDnZS59rgsqwPhVy55PUqH74R1QD9RQNSwa0QLjmNb6xFyDx4TkQQ9pmK-Sq/4a7/BVRt3igITgKfI8bq35Ml_w/h53/h001.yn5JRYzfVDjfbL0RFC-jVPp1XHK_GYk_K4Zr7dwWM3MGet hashmaliciousUnknownBrowse
                                                                                                                                              • 104.18.68.40
                                                                                                                                              Document-20-18-07.jsGet hashmaliciousBazar Loader, BruteRatel, LatrodectusBrowse
                                                                                                                                              • 188.114.97.3
                                                                                                                                              COVID-19.pdfGet hashmaliciousPDFPhishBrowse
                                                                                                                                              • 162.159.61.3
                                                                                                                                              ORA _ Morningstar DBRS.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                              • 104.18.86.42
                                                                                                                                              carrier_ratecon.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 188.114.96.3
                                                                                                                                              https://www.ccjm.org/highwire_log/share/mendeley?link=https://onpro.infoGet hashmaliciousUnknownBrowse
                                                                                                                                              • 104.18.39.115
                                                                                                                                              das.msiGet hashmaliciousBazar Loader, BruteRatel, LatrodectusBrowse
                                                                                                                                              • 188.114.97.3
                                                                                                                                              vierm_soft_x64.dll.dllGet hashmaliciousBazar Loader, BruteRatel, LatrodectusBrowse
                                                                                                                                              • 188.114.96.3
                                                                                                                                              Document-18-33-08.jsGet hashmaliciousBazar Loader, BruteRatel, LatrodectusBrowse
                                                                                                                                              • 188.114.96.3
                                                                                                                                              AKAMAI-ASUSmsvcp110.dllGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              teracopy.exeGet hashmaliciousUnknownBrowse
                                                                                                                                              • 184.28.90.27
                                                                                                                                              COVID-19.pdfGet hashmaliciousPDFPhishBrowse
                                                                                                                                              • 23.217.172.185
                                                                                                                                              carrier_ratecon.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 23.192.247.89
                                                                                                                                              c84f2f8df965727bcdcc4de6beecf70c960ef7c885e77.dllGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb.7zGet hashmaliciousUnknownBrowse
                                                                                                                                              • 23.201.253.231
                                                                                                                                              0a839761915d.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              Activator by URKE v2.5.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              phish_alert_sp2_2.0.0.0.emlGet hashmaliciousPhisherBrowse
                                                                                                                                              • 184.28.90.27

                                                                                                                                              JA3 Fingerprints

                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                              a0e9f5d64349fb13191bc781f81f42e1msvcp110.dllGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              • 172.67.214.93
                                                                                                                                              Document-20-18-07.jsGet hashmaliciousBazar Loader, BruteRatel, LatrodectusBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              • 172.67.214.93
                                                                                                                                              carrier_ratecon.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              • 172.67.214.93
                                                                                                                                              das.msiGet hashmaliciousBazar Loader, BruteRatel, LatrodectusBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              • 172.67.214.93
                                                                                                                                              vierm_soft_x64.dll.dllGet hashmaliciousBazar Loader, BruteRatel, LatrodectusBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              • 172.67.214.93
                                                                                                                                              Document-18-33-08.jsGet hashmaliciousBazar Loader, BruteRatel, LatrodectusBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              • 172.67.214.93
                                                                                                                                              c84f2f8df965727bcdcc4de6beecf70c960ef7c885e77.dllGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              • 172.67.214.93
                                                                                                                                              0a839761915d.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              • 172.67.214.93
                                                                                                                                              sqlite.dllGet hashmaliciousUnknownBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              • 172.67.214.93
                                                                                                                                              Activator by URKE v2.5.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              • 172.67.214.93

                                                                                                                                              Dropped Files

                                                                                                                                              No context

                                                                                                                                              Created / dropped Files

                                                                                                                                              No created / dropped files found

                                                                                                                                              Static File Info

                                                                                                                                              General

                                                                                                                                              File type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Entropy (8bit):7.0898786224561965
                                                                                                                                              TrID:
                                                                                                                                              • Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.20%
                                                                                                                                              • DOS Executable Generic (2002/1) 0.20%
                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                              File name:msvcp110.dll
                                                                                                                                              File size:583'168 bytes
                                                                                                                                              MD5:6abf44283ba0f54b3e091c37512dcf09
                                                                                                                                              SHA1:eebc18868eb14a7db6af30ff24c86c23918643a7
                                                                                                                                              SHA256:9d1c18432d75dcd0c0390109dc64971d95e46e323cd0fe3de69a4c404e45a5c3
                                                                                                                                              SHA512:34097d79fc5e33b8580f45e6c1e01e86d9e1b8fc0b3b153b7e0fe9bf6477f617dd9980d85fc6527d1a42460c85b175c89afa02f6146358d99cde1912d1c220e9
                                                                                                                                              SSDEEP:6144:dNrDALKvVQtIY15pxxOrMNM3rBAFX7N1z/gPX7h//7cu58lBtwGRPuRoiPymvjtc:cv/pi0MbSVYPXJ7xud0RoakX
                                                                                                                                              TLSH:28C47CD17EE1DA75FA2DCA71BC744787BC3E47602A0CCD8B1D26CC016E1A8E6581276B
                                                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...................................S....................s...............4.......4.......4...............4.......4......Rich...........

                                                                                                                                              File Icon

                                                                                                                                              Icon Hash:7ae282899bbab082

                                                                                                                                              Static PE Info

                                                                                                                                              General

                                                                                                                                              Entrypoint:0x10020cd4
                                                                                                                                              Entrypoint Section:.text
                                                                                                                                              Digitally signed:false
                                                                                                                                              Imagebase:0x10000000
                                                                                                                                              Subsystem:windows gui
                                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL
                                                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT
                                                                                                                                              Time Stamp:0x66FDAC48 [Wed Oct 2 20:25:44 2024 UTC]
                                                                                                                                              TLS Callbacks:
                                                                                                                                              CLR (.Net) Version:
                                                                                                                                              OS Version Major:6
                                                                                                                                              OS Version Minor:0
                                                                                                                                              File Version Major:6
                                                                                                                                              File Version Minor:0
                                                                                                                                              Subsystem Version Major:6
                                                                                                                                              Subsystem Version Minor:0
                                                                                                                                              Import Hash:e508a746a3946beda3b79173e8298687

                                                                                                                                              Entrypoint Preview

                                                                                                                                              Instruction
                                                                                                                                              push ebp
                                                                                                                                              mov ebp, esp
                                                                                                                                              cmp dword ptr [ebp+0Ch], 01h
                                                                                                                                              jne 00007FBE60843DE7h
                                                                                                                                              call 00007FBE60843FBBh
                                                                                                                                              push dword ptr [ebp+10h]
                                                                                                                                              push dword ptr [ebp+0Ch]
                                                                                                                                              push dword ptr [ebp+08h]
                                                                                                                                              call 00007FBE60843C93h
                                                                                                                                              add esp, 0Ch
                                                                                                                                              pop ebp
                                                                                                                                              retn 000Ch
                                                                                                                                              push ebp
                                                                                                                                              mov ebp, esp
                                                                                                                                              push 00000000h
                                                                                                                                              call dword ptr [1002E058h]
                                                                                                                                              push dword ptr [ebp+08h]
                                                                                                                                              call dword ptr [1002E054h]
                                                                                                                                              push C0000409h
                                                                                                                                              call dword ptr [1002E008h]
                                                                                                                                              push eax
                                                                                                                                              call dword ptr [1002E05Ch]
                                                                                                                                              pop ebp
                                                                                                                                              ret
                                                                                                                                              push ebp
                                                                                                                                              mov ebp, esp
                                                                                                                                              sub esp, 00000324h
                                                                                                                                              push 00000017h
                                                                                                                                              call dword ptr [1002E060h]
                                                                                                                                              test eax, eax
                                                                                                                                              je 00007FBE60843DE7h
                                                                                                                                              push 00000002h
                                                                                                                                              pop ecx
                                                                                                                                              int 29h
                                                                                                                                              mov dword ptr [1008DAA0h], eax
                                                                                                                                              mov dword ptr [1008DA9Ch], ecx
                                                                                                                                              mov dword ptr [1008DA98h], edx
                                                                                                                                              mov dword ptr [1008DA94h], ebx
                                                                                                                                              mov dword ptr [1008DA90h], esi
                                                                                                                                              mov dword ptr [1008DA8Ch], edi
                                                                                                                                              mov word ptr [1008DAB8h], ss
                                                                                                                                              mov word ptr [1008DAACh], cs
                                                                                                                                              mov word ptr [1008DA88h], ds
                                                                                                                                              mov word ptr [1008DA84h], es
                                                                                                                                              mov word ptr [1008DA80h], fs
                                                                                                                                              mov word ptr [1008DA7Ch], gs
                                                                                                                                              pushfd
                                                                                                                                              pop dword ptr [1008DAB0h]
                                                                                                                                              mov eax, dword ptr [ebp+00h]
                                                                                                                                              mov dword ptr [1008DAA4h], eax
                                                                                                                                              mov eax, dword ptr [ebp+04h]
                                                                                                                                              mov dword ptr [0008DAA8h], eax

                                                                                                                                              Rich Headers

                                                                                                                                              Programming Language:
                                                                                                                                              • [IMP] VS2005 build 50727

                                                                                                                                              Data Directories

                                                                                                                                              NameVirtual AddressVirtual Size Is in Section
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x343900x78.rdata
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x344080x3c.rdata
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x8f0000x1b38.reloc
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x337400x1c.rdata
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x336800x40.rdata
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_IAT0x2e0000x150.rdata
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                              Sections

                                                                                                                                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                              .text0x10000x2ce630x2d000d341b70e7cbd6752058b71e9d834154aFalse0.4305338541666667data6.636088388837348IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                              .rdata0x2e0000x6ba60x6c00ac7bcb4c1a00b7aa5af7f75004955bc5False0.4429976851851852data5.110227582096803IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                              .data0x350000x596100x58a00866886c972b822833801240171ddf22eFalse0.47594267894922426data6.6661545064109475IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                              .reloc0x8f0000x1b380x1c00391c715d77ea45476cb46db548f4f279False0.7756696428571429data6.610375933788232IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                              Imports

                                                                                                                                              DLLImport
                                                                                                                                              USER32.dllShowWindow
                                                                                                                                              KERNEL32.dllEncodePointer, WriteConsoleW, GetCurrentProcess, GetModuleHandleA, K32GetModuleInformation, GetModuleFileNameA, CreateFileA, CreateFileMappingA, CloseHandle, MapViewOfFile, VirtualProtect, GetModuleHandleW, GetConsoleWindow, VirtualAlloc, CreateProcessW, GetThreadContext, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, SetThreadContext, ResumeThread, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, CreateFileW, RaiseException, InterlockedFlushSList, RtlUnwind, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, DecodePointer, ExitProcess, GetModuleHandleExW, GetModuleFileNameW, HeapAlloc, HeapFree, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, LCMapStringW, GetProcessHeap, GetStdHandle, GetFileType, GetStringTypeW, HeapSize, HeapReAlloc, SetStdHandle, FlushFileBuffers, WriteFile, GetConsoleOutputCP, GetConsoleMode, SetFilePointerEx

                                                                                                                                              Exports

                                                                                                                                              NameOrdinalAddress
                                                                                                                                              GetGameData10x1000ec80

                                                                                                                                              Network Behavior

                                                                                                                                              Suricata IDS Alerts

                                                                                                                                              TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                              2024-10-03T23:21:02.997034+02002056402ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (questionsmw .store)1192.168.2.4623621.1.1.153UDP
                                                                                                                                              2024-10-03T23:21:03.007803+02002056408ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (soldiefieop .site)1192.168.2.4491831.1.1.153UDP
                                                                                                                                              2024-10-03T23:21:03.019015+02002056392ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (abnomalrkmu .site)1192.168.2.4603371.1.1.153UDP
                                                                                                                                              2024-10-03T23:21:03.030766+02002056396ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (chorusarorp .site)1192.168.2.4622871.1.1.153UDP
                                                                                                                                              2024-10-03T23:21:03.042680+02002056410ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (treatynreit .site)1192.168.2.4579701.1.1.153UDP
                                                                                                                                              2024-10-03T23:21:03.076728+02002056406ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (snarlypagowo .site)1192.168.2.4503921.1.1.153UDP
                                                                                                                                              2024-10-03T23:21:03.088272+02002056400ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mysterisop .site)1192.168.2.4568321.1.1.153UDP
                                                                                                                                              2024-10-03T23:21:03.100040+02002056394ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (absorptioniw .site)1192.168.2.4497451.1.1.153UDP
                                                                                                                                              2024-10-03T23:21:05.729774+02002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.449733172.67.214.93443TCP
                                                                                                                                              2024-10-03T23:21:05.729774+02002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449733172.67.214.93443TCP
                                                                                                                                              2024-10-03T23:21:05.971775+02002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.449732172.67.214.93443TCP
                                                                                                                                              2024-10-03T23:21:05.971775+02002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449732172.67.214.93443TCP
                                                                                                                                              2024-10-03T23:21:08.282237+02002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.449735172.67.214.93443TCP
                                                                                                                                              2024-10-03T23:21:08.282237+02002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449735172.67.214.93443TCP

                                                                                                                                              Network Port Distribution

                                                                                                                                              TCP Packets

                                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                                              Oct 3, 2024 23:21:03.131166935 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:03.131201029 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:03.131411076 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:03.131800890 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:03.131895065 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:03.131992102 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:03.134715080 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:03.134742022 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:03.134934902 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:03.134967089 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:03.785010099 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:03.785279036 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:03.787750006 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:03.787940979 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:03.788832903 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:03.788846970 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:03.788868904 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:03.788887978 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:03.789184093 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:03.789207935 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:03.829787016 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:03.829793930 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:03.872009039 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:03.874001026 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:03.915433884 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:03.919406891 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:04.276359081 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:04.276429892 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:04.276544094 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:04.276575089 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:04.276606083 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:04.276757956 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:04.276757956 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:04.276757956 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:04.276757956 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:04.276757956 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:04.276834011 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:04.277158022 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:04.336429119 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:04.336452007 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:04.336486101 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:04.336500883 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:04.336520910 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:04.336529016 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:04.336591959 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:04.336630106 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:04.336631060 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:04.336666107 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:04.379864931 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:04.379930019 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:04.379976988 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:04.380044937 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:04.380080938 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:04.380104065 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:04.385461092 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:04.385549068 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:04.385575056 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:04.385628939 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:04.385643959 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:04.385730028 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:04.385780096 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:04.395853996 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:04.395889044 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:04.395912886 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:04.395927906 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:04.431443930 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:04.431468964 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:04.431536913 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:04.431571960 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:04.431597948 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:04.431617975 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:04.438626051 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:04.438695908 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:04.438709974 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:04.438730001 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:04.438764095 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:04.438790083 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:04.439338923 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:04.439378023 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:04.439425945 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:04.439440966 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:04.777950048 CEST49732443192.168.2.4172.67.214.93
                                                                                                                                              Oct 3, 2024 23:21:04.778040886 CEST44349732172.67.214.93192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:04.778131962 CEST49732443192.168.2.4172.67.214.93
                                                                                                                                              Oct 3, 2024 23:21:04.778662920 CEST49732443192.168.2.4172.67.214.93
                                                                                                                                              Oct 3, 2024 23:21:04.778697014 CEST44349732172.67.214.93192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:04.779447079 CEST49733443192.168.2.4172.67.214.93
                                                                                                                                              Oct 3, 2024 23:21:04.779546976 CEST44349733172.67.214.93192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:04.779622078 CEST49733443192.168.2.4172.67.214.93
                                                                                                                                              Oct 3, 2024 23:21:04.780181885 CEST49733443192.168.2.4172.67.214.93
                                                                                                                                              Oct 3, 2024 23:21:04.780236006 CEST44349733172.67.214.93192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:05.251334906 CEST44349732172.67.214.93192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:05.251435995 CEST49732443192.168.2.4172.67.214.93
                                                                                                                                              Oct 3, 2024 23:21:05.254105091 CEST44349733172.67.214.93192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:05.254209995 CEST49733443192.168.2.4172.67.214.93
                                                                                                                                              Oct 3, 2024 23:21:05.256032944 CEST49733443192.168.2.4172.67.214.93
                                                                                                                                              Oct 3, 2024 23:21:05.256059885 CEST44349733172.67.214.93192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:05.256472111 CEST44349733172.67.214.93192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:05.256815910 CEST49732443192.168.2.4172.67.214.93
                                                                                                                                              Oct 3, 2024 23:21:05.256845951 CEST44349732172.67.214.93192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:05.257077932 CEST44349732172.67.214.93192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:05.258285999 CEST49733443192.168.2.4172.67.214.93
                                                                                                                                              Oct 3, 2024 23:21:05.258323908 CEST49733443192.168.2.4172.67.214.93
                                                                                                                                              Oct 3, 2024 23:21:05.258387089 CEST44349733172.67.214.93192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:05.258972883 CEST49732443192.168.2.4172.67.214.93
                                                                                                                                              Oct 3, 2024 23:21:05.259030104 CEST49732443192.168.2.4172.67.214.93
                                                                                                                                              Oct 3, 2024 23:21:05.259061098 CEST44349732172.67.214.93192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:05.729655981 CEST44349733172.67.214.93192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:05.729950905 CEST44349733172.67.214.93192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:05.730057955 CEST49733443192.168.2.4172.67.214.93
                                                                                                                                              Oct 3, 2024 23:21:05.730475903 CEST49733443192.168.2.4172.67.214.93
                                                                                                                                              Oct 3, 2024 23:21:05.730525970 CEST44349733172.67.214.93192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:05.730556011 CEST49733443192.168.2.4172.67.214.93
                                                                                                                                              Oct 3, 2024 23:21:05.730572939 CEST44349733172.67.214.93192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:05.971587896 CEST44349732172.67.214.93192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:05.971668959 CEST44349732172.67.214.93192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:05.971729994 CEST49732443192.168.2.4172.67.214.93
                                                                                                                                              Oct 3, 2024 23:21:05.971909046 CEST49732443192.168.2.4172.67.214.93
                                                                                                                                              Oct 3, 2024 23:21:05.971950054 CEST44349732172.67.214.93192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:05.971999884 CEST49732443192.168.2.4172.67.214.93
                                                                                                                                              Oct 3, 2024 23:21:05.972016096 CEST44349732172.67.214.93192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:05.991811037 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:05.991902113 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:05.991993904 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:05.993264914 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:05.993302107 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:06.637039900 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:06.637367010 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:06.638572931 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:06.638628960 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:06.638859034 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:06.689342022 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:06.694637060 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:06.739403009 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:07.195528984 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:07.195591927 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:07.195635080 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:07.195703983 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:07.195739031 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:07.195758104 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:07.195794106 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:07.195794106 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:07.195794106 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:07.195825100 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:07.296087027 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:07.296144962 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:07.296186924 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:07.296220064 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:07.296247005 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:07.296286106 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:07.301394939 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:07.301485062 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:07.301502943 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:07.301556110 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:07.301632881 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:07.301688910 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:07.303060055 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:07.303095102 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:07.303136110 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                              Oct 3, 2024 23:21:07.303149939 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:07.390222073 CEST49735443192.168.2.4172.67.214.93
                                                                                                                                              Oct 3, 2024 23:21:07.390314102 CEST44349735172.67.214.93192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:07.390400887 CEST49735443192.168.2.4172.67.214.93
                                                                                                                                              Oct 3, 2024 23:21:07.393126965 CEST49735443192.168.2.4172.67.214.93
                                                                                                                                              Oct 3, 2024 23:21:07.393162966 CEST44349735172.67.214.93192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:07.854499102 CEST44349735172.67.214.93192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:07.854648113 CEST49735443192.168.2.4172.67.214.93
                                                                                                                                              Oct 3, 2024 23:21:07.861821890 CEST49735443192.168.2.4172.67.214.93
                                                                                                                                              Oct 3, 2024 23:21:07.861849070 CEST44349735172.67.214.93192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:07.862133980 CEST44349735172.67.214.93192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:07.864190102 CEST49735443192.168.2.4172.67.214.93
                                                                                                                                              Oct 3, 2024 23:21:07.864222050 CEST49735443192.168.2.4172.67.214.93
                                                                                                                                              Oct 3, 2024 23:21:07.864268064 CEST44349735172.67.214.93192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:08.282291889 CEST44349735172.67.214.93192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:08.282536983 CEST44349735172.67.214.93192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:08.282638073 CEST49735443192.168.2.4172.67.214.93
                                                                                                                                              Oct 3, 2024 23:21:08.282728910 CEST49735443192.168.2.4172.67.214.93
                                                                                                                                              Oct 3, 2024 23:21:08.282728910 CEST49735443192.168.2.4172.67.214.93
                                                                                                                                              Oct 3, 2024 23:21:08.282773018 CEST44349735172.67.214.93192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:08.282799006 CEST44349735172.67.214.93192.168.2.4

                                                                                                                                              UDP Packets

                                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                                              Oct 3, 2024 23:21:02.983731985 CEST6300053192.168.2.41.1.1.1
                                                                                                                                              Oct 3, 2024 23:21:02.992974043 CEST53630001.1.1.1192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:02.997034073 CEST6236253192.168.2.41.1.1.1
                                                                                                                                              Oct 3, 2024 23:21:03.006308079 CEST53623621.1.1.1192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:03.007802963 CEST4918353192.168.2.41.1.1.1
                                                                                                                                              Oct 3, 2024 23:21:03.016999006 CEST53491831.1.1.1192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:03.019015074 CEST6033753192.168.2.41.1.1.1
                                                                                                                                              Oct 3, 2024 23:21:03.029510021 CEST53603371.1.1.1192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:03.030766010 CEST6228753192.168.2.41.1.1.1
                                                                                                                                              Oct 3, 2024 23:21:03.040456057 CEST53622871.1.1.1192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:03.042680025 CEST5797053192.168.2.41.1.1.1
                                                                                                                                              Oct 3, 2024 23:21:03.052799940 CEST53579701.1.1.1192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:03.076728106 CEST5039253192.168.2.41.1.1.1
                                                                                                                                              Oct 3, 2024 23:21:03.086896896 CEST53503921.1.1.1192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:03.088272095 CEST5683253192.168.2.41.1.1.1
                                                                                                                                              Oct 3, 2024 23:21:03.098444939 CEST53568321.1.1.1192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:03.100039959 CEST4974553192.168.2.41.1.1.1
                                                                                                                                              Oct 3, 2024 23:21:03.116357088 CEST53497451.1.1.1192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:03.117981911 CEST5181453192.168.2.41.1.1.1
                                                                                                                                              Oct 3, 2024 23:21:03.125911951 CEST53518141.1.1.1192.168.2.4
                                                                                                                                              Oct 3, 2024 23:21:04.764183998 CEST5900953192.168.2.41.1.1.1
                                                                                                                                              Oct 3, 2024 23:21:04.776696920 CEST53590091.1.1.1192.168.2.4

                                                                                                                                              DNS Queries

                                                                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                              Oct 3, 2024 23:21:02.983731985 CEST192.168.2.41.1.1.10x827Standard query (0)explorationmsn.storeA (IP address)IN (0x0001)false
                                                                                                                                              Oct 3, 2024 23:21:02.997034073 CEST192.168.2.41.1.1.10x77baStandard query (0)questionsmw.storeA (IP address)IN (0x0001)false
                                                                                                                                              Oct 3, 2024 23:21:03.007802963 CEST192.168.2.41.1.1.10x7829Standard query (0)soldiefieop.siteA (IP address)IN (0x0001)false
                                                                                                                                              Oct 3, 2024 23:21:03.019015074 CEST192.168.2.41.1.1.10xf497Standard query (0)abnomalrkmu.siteA (IP address)IN (0x0001)false
                                                                                                                                              Oct 3, 2024 23:21:03.030766010 CEST192.168.2.41.1.1.10xac68Standard query (0)chorusarorp.siteA (IP address)IN (0x0001)false
                                                                                                                                              Oct 3, 2024 23:21:03.042680025 CEST192.168.2.41.1.1.10x899fStandard query (0)treatynreit.siteA (IP address)IN (0x0001)false
                                                                                                                                              Oct 3, 2024 23:21:03.076728106 CEST192.168.2.41.1.1.10x39d9Standard query (0)snarlypagowo.siteA (IP address)IN (0x0001)false
                                                                                                                                              Oct 3, 2024 23:21:03.088272095 CEST192.168.2.41.1.1.10x3106Standard query (0)mysterisop.siteA (IP address)IN (0x0001)false
                                                                                                                                              Oct 3, 2024 23:21:03.100039959 CEST192.168.2.41.1.1.10x9e31Standard query (0)absorptioniw.siteA (IP address)IN (0x0001)false
                                                                                                                                              Oct 3, 2024 23:21:03.117981911 CEST192.168.2.41.1.1.10x45a7Standard query (0)steamcommunity.comA (IP address)IN (0x0001)false
                                                                                                                                              Oct 3, 2024 23:21:04.764183998 CEST192.168.2.41.1.1.10xe3faStandard query (0)beearvagueo.siteA (IP address)IN (0x0001)false

                                                                                                                                              DNS Answers

                                                                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                              Oct 3, 2024 23:21:02.992974043 CEST1.1.1.1192.168.2.40x827Name error (3)explorationmsn.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                                              Oct 3, 2024 23:21:03.006308079 CEST1.1.1.1192.168.2.40x77baName error (3)questionsmw.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                                              Oct 3, 2024 23:21:03.016999006 CEST1.1.1.1192.168.2.40x7829Name error (3)soldiefieop.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                                              Oct 3, 2024 23:21:03.029510021 CEST1.1.1.1192.168.2.40xf497Name error (3)abnomalrkmu.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                                              Oct 3, 2024 23:21:03.040456057 CEST1.1.1.1192.168.2.40xac68Name error (3)chorusarorp.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                                              Oct 3, 2024 23:21:03.052799940 CEST1.1.1.1192.168.2.40x899fName error (3)treatynreit.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                                              Oct 3, 2024 23:21:03.086896896 CEST1.1.1.1192.168.2.40x39d9Name error (3)snarlypagowo.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                                              Oct 3, 2024 23:21:03.098444939 CEST1.1.1.1192.168.2.40x3106Name error (3)mysterisop.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                                              Oct 3, 2024 23:21:03.116357088 CEST1.1.1.1192.168.2.40x9e31Name error (3)absorptioniw.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                                              Oct 3, 2024 23:21:03.125911951 CEST1.1.1.1192.168.2.40x45a7No error (0)steamcommunity.com104.102.49.254A (IP address)IN (0x0001)false
                                                                                                                                              Oct 3, 2024 23:21:04.776696920 CEST1.1.1.1192.168.2.40xe3faNo error (0)beearvagueo.site172.67.214.93A (IP address)IN (0x0001)false
                                                                                                                                              Oct 3, 2024 23:21:04.776696920 CEST1.1.1.1192.168.2.40xe3faNo error (0)beearvagueo.site104.21.93.202A (IP address)IN (0x0001)false

                                                                                                                                              HTTP Request Dependency Graph

                                                                                                                                              • steamcommunity.com
                                                                                                                                              • beearvagueo.site

                                                                                                                                              HTTPS Proxied Packets

                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                              0192.168.2.449731104.102.49.2544437584C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                              2024-10-03 21:21:03 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                                                                                                              Connection: Keep-Alive
                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                              Host: steamcommunity.com
                                                                                                                                              2024-10-03 21:21:04 UTC1870INHTTP/1.1 200 OK
                                                                                                                                              Server: nginx
                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                              Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                              Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                              Cache-Control: no-cache
                                                                                                                                              Date: Thu, 03 Oct 2024 21:21:04 GMT
                                                                                                                                              Content-Length: 34832
                                                                                                                                              Connection: close
                                                                                                                                              Set-Cookie: sessionid=cc469bee94fcd1e0d108b892; Path=/; Secure; SameSite=None
                                                                                                                                              Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                                              2024-10-03 21:21:04 UTC14514INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c
                                                                                                                                              Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                                                                                                                              2024-10-03 21:21:04 UTC16384INData Raw: 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0d 0a 09 09 09 24 28 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 27 29 2e 76 5f 74 6f 6f 6c 74 69 70 28 7b 27 6c 6f 63 61 74 69 6f 6e 27 3a 27 62 6f 74 74 6f 6d 27 2c 20 27 64 65 73 74 72 6f 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f 62 61 6c
                                                                                                                                              Data Ascii: ript type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#global
                                                                                                                                              2024-10-03 21:21:04 UTC3768INData Raw: 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 73 75 6d 6d 61 72 79 5f 66 6f 6f 74 65 72 22 3e 0d 0a 09 09 09 09 09 09 09 3c 73 70 61 6e 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 3e 56 69 65 77 20 6d 6f 72 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 20 24 4a 28 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 20 49 6e
                                                                                                                                              Data Ascii: div class="profile_summary_footer"><span data-panel="{&quot;focusable&quot;:true,&quot;clickOnActivate&quot;:true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function() { In
                                                                                                                                              2024-10-03 21:21:04 UTC166INData Raw: 6e 3e 56 69 65 77 20 6d 6f 62 69 6c 65 20 77 65 62 73 69 74 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 0d 0a 09 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 63 6f 6e 74 65 6e 74 20 2d 2d 3e 0d 0a 0d 0a 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 66 72 61 6d 65 20 2d 2d 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e
                                                                                                                                              Data Ascii: n>View mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>


                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                              1192.168.2.449730104.102.49.2544437572C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                              2024-10-03 21:21:03 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                                                                                                              Connection: Keep-Alive
                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                              Host: steamcommunity.com
                                                                                                                                              2024-10-03 21:21:04 UTC1870INHTTP/1.1 200 OK
                                                                                                                                              Server: nginx
                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                              Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                              Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                              Cache-Control: no-cache
                                                                                                                                              Date: Thu, 03 Oct 2024 21:21:04 GMT
                                                                                                                                              Content-Length: 34832
                                                                                                                                              Connection: close
                                                                                                                                              Set-Cookie: sessionid=617cb025355d0c4f3fc3ac07; Path=/; Secure; SameSite=None
                                                                                                                                              Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                                              2024-10-03 21:21:04 UTC14514INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c
                                                                                                                                              Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                                                                                                                              2024-10-03 21:21:04 UTC16384INData Raw: 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0d 0a 09 09 09 24 28 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 27 29 2e 76 5f 74 6f 6f 6c 74 69 70 28 7b 27 6c 6f 63 61 74 69 6f 6e 27 3a 27 62 6f 74 74 6f 6d 27 2c 20 27 64 65 73 74 72 6f 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f 62 61 6c
                                                                                                                                              Data Ascii: ript type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#global
                                                                                                                                              2024-10-03 21:21:04 UTC3768INData Raw: 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 73 75 6d 6d 61 72 79 5f 66 6f 6f 74 65 72 22 3e 0d 0a 09 09 09 09 09 09 09 3c 73 70 61 6e 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 3e 56 69 65 77 20 6d 6f 72 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 20 24 4a 28 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 20 49 6e
                                                                                                                                              Data Ascii: div class="profile_summary_footer"><span data-panel="{&quot;focusable&quot;:true,&quot;clickOnActivate&quot;:true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function() { In
                                                                                                                                              2024-10-03 21:21:04 UTC166INData Raw: 6e 3e 56 69 65 77 20 6d 6f 62 69 6c 65 20 77 65 62 73 69 74 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 0d 0a 09 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 63 6f 6e 74 65 6e 74 20 2d 2d 3e 0d 0a 0d 0a 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 66 72 61 6d 65 20 2d 2d 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e
                                                                                                                                              Data Ascii: n>View mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>


                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                              2192.168.2.449733172.67.214.934437584C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                              2024-10-03 21:21:05 UTC263OUTPOST /api HTTP/1.1
                                                                                                                                              Connection: Keep-Alive
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                              Content-Length: 8
                                                                                                                                              Host: beearvagueo.site
                                                                                                                                              2024-10-03 21:21:05 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                              Data Ascii: act=life
                                                                                                                                              2024-10-03 21:21:05 UTC768INHTTP/1.1 200 OK
                                                                                                                                              Date: Thu, 03 Oct 2024 21:21:05 GMT
                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                              Connection: close
                                                                                                                                              Set-Cookie: PHPSESSID=5034bgkk8s0ibcj2n53lar1tud; expires=Mon, 27 Jan 2025 15:07:44 GMT; Max-Age=9999999; path=/
                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                              Pragma: no-cache
                                                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5l3YAqOPrL3Jx4teHJ%2FEPpiFy17mh4UCbfPYCSGtaLAm06psR68PjPxmlLNj9%2B7DHJcgl66yhYv%2BL5fDvBHDtKyp46LlH7xIfltAvwQEkjoRAG6Q2yBI8Ho2IRu3wEM9pUK%2B"}],"group":"cf-nel","max_age":604800}
                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                              Server: cloudflare
                                                                                                                                              CF-RAY: 8ccffad859890c9d-EWR
                                                                                                                                              2024-10-03 21:21:05 UTC15INData Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
                                                                                                                                              Data Ascii: aerror #D12
                                                                                                                                              2024-10-03 21:21:05 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                              Data Ascii: 0


                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                              3192.168.2.449732172.67.214.934437572C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                              2024-10-03 21:21:05 UTC263OUTPOST /api HTTP/1.1
                                                                                                                                              Connection: Keep-Alive
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                              Content-Length: 8
                                                                                                                                              Host: beearvagueo.site
                                                                                                                                              2024-10-03 21:21:05 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                              Data Ascii: act=life
                                                                                                                                              2024-10-03 21:21:05 UTC766INHTTP/1.1 200 OK
                                                                                                                                              Date: Thu, 03 Oct 2024 21:21:05 GMT
                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                              Connection: close
                                                                                                                                              Set-Cookie: PHPSESSID=5fht6kpaucr0q30e431uoquod5; expires=Mon, 27 Jan 2025 15:07:44 GMT; Max-Age=9999999; path=/
                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                              Pragma: no-cache
                                                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xgMIssSOLgHKApmWiP0%2FGoLAkA3ysnTv1hFXSeAxM%2F8VSmKzsgusLR5KiGKWqr6U1eWa9CJfRghxoschVFZQ8h%2BnJ9XtWmicopIDE6TapLoxIQbgbiFUUeSX9X9HbQMGDBuN"}],"group":"cf-nel","max_age":604800}
                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                              Server: cloudflare
                                                                                                                                              CF-RAY: 8ccffad859734264-EWR
                                                                                                                                              2024-10-03 21:21:05 UTC15INData Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
                                                                                                                                              Data Ascii: aerror #D12
                                                                                                                                              2024-10-03 21:21:05 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                              Data Ascii: 0


                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                              4192.168.2.449734104.102.49.2544437688C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                              2024-10-03 21:21:06 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                                                                                                              Connection: Keep-Alive
                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                              Host: steamcommunity.com
                                                                                                                                              2024-10-03 21:21:07 UTC1870INHTTP/1.1 200 OK
                                                                                                                                              Server: nginx
                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                              Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                              Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                              Cache-Control: no-cache
                                                                                                                                              Date: Thu, 03 Oct 2024 21:21:07 GMT
                                                                                                                                              Content-Length: 34832
                                                                                                                                              Connection: close
                                                                                                                                              Set-Cookie: sessionid=31637283533791ee12ef1f46; Path=/; Secure; SameSite=None
                                                                                                                                              Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                                              2024-10-03 21:21:07 UTC14514INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c
                                                                                                                                              Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                                                                                                                              2024-10-03 21:21:07 UTC16384INData Raw: 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0d 0a 09 09 09 24 28 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 27 29 2e 76 5f 74 6f 6f 6c 74 69 70 28 7b 27 6c 6f 63 61 74 69 6f 6e 27 3a 27 62 6f 74 74 6f 6d 27 2c 20 27 64 65 73 74 72 6f 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f 62 61 6c
                                                                                                                                              Data Ascii: ript type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#global
                                                                                                                                              2024-10-03 21:21:07 UTC3768INData Raw: 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 73 75 6d 6d 61 72 79 5f 66 6f 6f 74 65 72 22 3e 0d 0a 09 09 09 09 09 09 09 3c 73 70 61 6e 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 3e 56 69 65 77 20 6d 6f 72 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 20 24 4a 28 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 20 49 6e
                                                                                                                                              Data Ascii: div class="profile_summary_footer"><span data-panel="{&quot;focusable&quot;:true,&quot;clickOnActivate&quot;:true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function() { In
                                                                                                                                              2024-10-03 21:21:07 UTC166INData Raw: 6e 3e 56 69 65 77 20 6d 6f 62 69 6c 65 20 77 65 62 73 69 74 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 0d 0a 09 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 63 6f 6e 74 65 6e 74 20 2d 2d 3e 0d 0a 0d 0a 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 66 72 61 6d 65 20 2d 2d 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e
                                                                                                                                              Data Ascii: n>View mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>


                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                              5192.168.2.449735172.67.214.934437688C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                              2024-10-03 21:21:07 UTC263OUTPOST /api HTTP/1.1
                                                                                                                                              Connection: Keep-Alive
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                              Content-Length: 8
                                                                                                                                              Host: beearvagueo.site
                                                                                                                                              2024-10-03 21:21:07 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                              Data Ascii: act=life
                                                                                                                                              2024-10-03 21:21:08 UTC799INHTTP/1.1 200 OK
                                                                                                                                              Date: Thu, 03 Oct 2024 21:21:08 GMT
                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                              Connection: close
                                                                                                                                              Set-Cookie: PHPSESSID=evoo22ek7plsto6ut5d5nt7b76; expires=Mon, 27 Jan 2025 15:07:47 GMT; Max-Age=9999999; path=/
                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                              Pragma: no-cache
                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                              vary: accept-encoding
                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i9Ycz9Qrmx%2B%2FimyN2%2BkN%2BpUGr%2FdMQJMORMCvJMan5MWQzZFr7q9xsKCeNomssqCJ66qQMVMaIglnHWAlH6qVRGAzNo2gGvA7%2FxRs2fxUJi%2FmOdI8jxAfJdBoLo7SABh%2FqgYk"}],"group":"cf-nel","max_age":604800}
                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                              Server: cloudflare
                                                                                                                                              CF-RAY: 8ccffae8a8f64289-EWR
                                                                                                                                              2024-10-03 21:21:08 UTC15INData Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
                                                                                                                                              Data Ascii: aerror #D12
                                                                                                                                              2024-10-03 21:21:08 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                              Data Ascii: 0


                                                                                                                                              Statistics

                                                                                                                                              CPU Usage

                                                                                                                                              Click to jump to process

                                                                                                                                              Memory Usage

                                                                                                                                              Click to jump to process

                                                                                                                                              Behavior

                                                                                                                                              Click to jump to process

                                                                                                                                              System Behavior

                                                                                                                                              General

                                                                                                                                              Target ID:0
                                                                                                                                              Start time:17:21:01
                                                                                                                                              Start date:03/10/2024
                                                                                                                                              Path:C:\Windows\System32\loaddll32.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:loaddll32.exe "C:\Users\user\Desktop\msvcp110.dll"
                                                                                                                                              Imagebase:0x4f0000
                                                                                                                                              File size:126'464 bytes
                                                                                                                                              MD5 hash:51E6071F9CBA48E79F10C84515AAE618
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Reputation:high
                                                                                                                                              Has exited:true

                                                                                                                                              General

                                                                                                                                              Target ID:1
                                                                                                                                              Start time:17:21:01
                                                                                                                                              Start date:03/10/2024
                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                              Imagebase:0x7ff7699e0000
                                                                                                                                              File size:862'208 bytes
                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Reputation:high
                                                                                                                                              Has exited:true

                                                                                                                                              General

                                                                                                                                              Target ID:2
                                                                                                                                              Start time:17:21:01
                                                                                                                                              Start date:03/10/2024
                                                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\msvcp110.dll",#1
                                                                                                                                              Imagebase:0x240000
                                                                                                                                              File size:236'544 bytes
                                                                                                                                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Reputation:high
                                                                                                                                              Has exited:true

                                                                                                                                              General

                                                                                                                                              Target ID:3
                                                                                                                                              Start time:17:21:01
                                                                                                                                              Start date:03/10/2024
                                                                                                                                              Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:rundll32.exe C:\Users\user\Desktop\msvcp110.dll,GetGameData
                                                                                                                                              Imagebase:0x680000
                                                                                                                                              File size:61'440 bytes
                                                                                                                                              MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Reputation:high
                                                                                                                                              Has exited:true

                                                                                                                                              General

                                                                                                                                              Target ID:4
                                                                                                                                              Start time:17:21:01
                                                                                                                                              Start date:03/10/2024
                                                                                                                                              Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:rundll32.exe "C:\Users\user\Desktop\msvcp110.dll",#1
                                                                                                                                              Imagebase:0x680000
                                                                                                                                              File size:61'440 bytes
                                                                                                                                              MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Reputation:high
                                                                                                                                              Has exited:true

                                                                                                                                              General

                                                                                                                                              Target ID:5
                                                                                                                                              Start time:17:21:01
                                                                                                                                              Start date:03/10/2024
                                                                                                                                              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
                                                                                                                                              Imagebase:0x160000
                                                                                                                                              File size:43'016 bytes
                                                                                                                                              MD5 hash:5D1D74198D75640E889F0A577BBF31FC
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Reputation:moderate
                                                                                                                                              Has exited:true

                                                                                                                                              General

                                                                                                                                              Target ID:6
                                                                                                                                              Start time:17:21:01
                                                                                                                                              Start date:03/10/2024
                                                                                                                                              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
                                                                                                                                              Imagebase:0x160000
                                                                                                                                              File size:43'016 bytes
                                                                                                                                              MD5 hash:5D1D74198D75640E889F0A577BBF31FC
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Reputation:moderate
                                                                                                                                              Has exited:true

                                                                                                                                              General

                                                                                                                                              Target ID:7
                                                                                                                                              Start time:17:21:04
                                                                                                                                              Start date:03/10/2024
                                                                                                                                              Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:rundll32.exe "C:\Users\user\Desktop\msvcp110.dll",GetGameData
                                                                                                                                              Imagebase:0x680000
                                                                                                                                              File size:61'440 bytes
                                                                                                                                              MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Reputation:high
                                                                                                                                              Has exited:true

                                                                                                                                              General

                                                                                                                                              Target ID:8
                                                                                                                                              Start time:17:21:04
                                                                                                                                              Start date:03/10/2024
                                                                                                                                              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
                                                                                                                                              Imagebase:0x160000
                                                                                                                                              File size:43'016 bytes
                                                                                                                                              MD5 hash:5D1D74198D75640E889F0A577BBF31FC
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Reputation:moderate
                                                                                                                                              Has exited:true

                                                                                                                                              Disassembly

                                                                                                                                              Reset < >

                                                                                                                                                Execution Graph

                                                                                                                                                Execution Coverage:1.2%
                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                Signature Coverage:11.9%
                                                                                                                                                Total number of Nodes:42
                                                                                                                                                Total number of Limit Nodes:3
                                                                                                                                                execution_graph 20850 40d440 20851 40d449 20850->20851 20852 40d451 GetInputState 20851->20852 20853 40d62e ExitProcess 20851->20853 20854 40d45e 20852->20854 20855 40d466 GetCurrentThreadId GetCurrentProcessId 20854->20855 20856 40d629 20854->20856 20858 40d491 20855->20858 20868 445ce0 FreeLibrary 20856->20868 20864 40ebe0 20858->20864 20865 40ec5b 20864->20865 20866 40ed1c LoadLibraryExW 20865->20866 20867 40ed33 20866->20867 20868->20853 20903 446514 20905 4462d0 20903->20905 20904 446573 20905->20904 20907 446170 LdrInitializeThunk 20905->20907 20907->20905 20869 40f586 20870 40f672 20869->20870 20873 4101a0 20870->20873 20875 410230 20873->20875 20874 40f6bb 20875->20874 20877 445d00 20875->20877 20878 445d1b 20877->20878 20883 445d7c 20877->20883 20879 445d87 20878->20879 20880 445d29 20878->20880 20884 4434c0 20879->20884 20881 445d66 RtlReAllocateHeap 20880->20881 20881->20883 20883->20875 20885 443539 20884->20885 20887 4434d6 20884->20887 20885->20883 20886 443526 RtlFreeHeap 20886->20885 20887->20886 20893 4461ce 20895 4461fa 20893->20895 20894 44624e 20895->20894 20897 446170 LdrInitializeThunk 20895->20897 20897->20894 20913 443498 20914 44349e RtlAllocateHeap 20913->20914 20915 44505a 20916 4450c4 LoadLibraryExW 20915->20916 20917 44509e 20915->20917 20918 4450d6 20916->20918 20917->20916 20918->20918

                                                                                                                                                Executed Functions

                                                                                                                                                Function 004101A0 Relevance: 1.7, Strings: 1, Instructions: 404COMMON
                                                                                                                                                Download Yara Rule

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 130 4101a0-41022b 131 410230-410239 130->131 131->131 132 41023b-41024e 131->132 134 410592-410594 132->134 135 410255-410257 132->135 136 4104e6-4104ea 132->136 137 410596-4105b1 132->137 138 410569-410575 132->138 139 41057a-41058b 132->139 140 41025c-41048f 132->140 141 4104ef-410562 call 40cc40 132->141 163 4105e9-41060e 134->163 145 4107c8-4107cf 135->145 142 4107bc-4107c5 136->142 166 4105b3 137->166 167 4105e6 137->167 144 4107b0 138->144 139->134 139->137 146 410667-410674 139->146 147 410789-41078f 139->147 148 410729-410744 139->148 149 410771-410782 139->149 150 410790 139->150 151 410750-41076b 139->151 152 4106d0 139->152 153 4107d0 139->153 154 410792-410797 139->154 155 410697-4106b2 139->155 156 4106d7-4106de 139->156 157 410656-410662 139->157 158 4107d6 139->158 159 4106b9-4106c9 139->159 160 41071d-410720 139->160 161 41079e 139->161 162 4106fe-410705 call 445d00 139->162 164 410491 140->164 165 4104c8-4104d3 140->165 141->134 141->137 141->138 141->139 141->146 141->147 141->148 141->149 141->150 141->151 141->152 141->153 141->154 141->155 141->156 141->157 141->158 141->159 141->160 141->161 141->162 142->145 184 4107b9 144->184 185 41067d-410690 146->185 147->150 148->151 149->147 149->152 149->153 149->156 149->158 149->161 151->149 152->156 154->152 154->153 154->156 154->158 154->161 155->147 155->148 155->149 155->150 155->151 155->152 155->153 155->154 155->156 155->158 155->159 155->160 155->161 155->162 178 4106e5-4106f7 156->178 172 4107a7 157->172 159->156 160->148 161->172 179 41070a-410716 162->179 170 410610-410634 call 412870 163->170 171 410636-41064f 163->171 174 4104a0-4104c6 call 4127f0 164->174 177 4104d6-4104df 165->177 169 4105c0-4105e4 call 4128c0 166->169 167->163 169->167 170->171 171->146 171->147 171->148 171->149 171->150 171->151 171->152 171->153 171->154 171->155 171->156 171->157 171->158 171->159 171->160 171->161 171->162 172->144 174->165 177->134 177->136 177->137 177->138 177->139 177->141 177->146 177->147 177->148 177->149 177->150 177->151 177->152 177->153 177->154 177->155 177->156 177->157 177->158 177->159 177->160 177->161 177->162 178->147 178->148 178->149 178->150 178->151 178->152 178->153 178->154 178->156 178->158 178->160 178->161 178->162 179->147 179->148 179->149 179->150 179->151 179->152 179->153 179->154 179->156 179->158 179->160 179->161 184->142 185->147 185->148 185->149 185->150 185->151 185->152 185->153 185->154 185->155 185->156 185->158 185->159 185->160 185->161 185->162
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: 5{1y
                                                                                                                                                • API String ID: 0-1368497684
                                                                                                                                                • Opcode ID: e8ea5d1cda620284d3cca87f1e47a629425b054d3919e2718f6e2ab83fb85a4f
                                                                                                                                                • Instruction ID: 430970ba5aa758463fc1d266fd814e1e4b8d4bbd5d3e872d0ea25936ea341aea
                                                                                                                                                • Opcode Fuzzy Hash: e8ea5d1cda620284d3cca87f1e47a629425b054d3919e2718f6e2ab83fb85a4f
                                                                                                                                                • Instruction Fuzzy Hash: 19F124B1100B00DFE3208F26D984B97BBF5FB46708F108A2DE5AA8BAA1D774B455CF54
                                                                                                                                                Function 00446DCB Relevance: 1.6, Strings: 1, Instructions: 342COMMON
                                                                                                                                                Download Yara Rule

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 204 446dcb-446dfe 205 446e05-446e1b 204->205 206 446ef9-446f09 204->206 209 446e22-446e4b call 40cce0 205->209 210 446e1d-446e20 205->210 207 446f10-446f11 call 40cce0 206->207 208 446f0b-446f0e 206->208 213 446f16-446f33 207->213 208->207 236 446f3a-446f65 209->236 237 446e51-446e53 209->237 210->209 215 4471e7-4471ec 213->215 216 446fa0-446fc6 213->216 217 447120-44712c 213->217 218 447140 213->218 219 447160-447169 213->219 220 447142-44714a 213->220 221 447183-447193 213->221 222 4470ec-447116 213->222 223 446fcd-446fdf 213->223 224 447269-447276 213->224 225 4470c9-4470d5 213->225 226 447209-44723c 213->226 227 447250-447262 213->227 228 447170-44717c 213->228 229 4471b0-4471b8 213->229 230 447151-447159 213->230 231 4471d2-4471e0 213->231 232 4471f3-447202 213->232 233 4470dc-4470e5 213->233 234 4471bf-4471cb 213->234 235 44719a-4471a9 213->235 213->236 215->226 215->227 215->232 215->234 216->215 216->216 216->217 216->218 216->219 216->220 216->221 216->222 216->223 216->224 216->225 216->226 216->227 216->228 216->229 216->230 216->231 216->232 216->233 216->234 216->235 217->215 217->218 217->219 217->220 217->221 217->226 217->227 217->228 217->229 217->230 217->231 217->232 217->234 217->235 219->215 219->217 219->218 219->219 219->220 219->221 219->226 219->227 219->228 219->229 219->230 219->231 219->232 219->234 219->235 220->215 220->219 220->221 220->226 220->227 220->228 220->229 220->230 220->231 220->232 220->234 220->235 221->215 221->226 221->227 221->229 221->231 221->232 221->234 221->235 222->215 222->217 222->218 222->219 222->220 222->221 222->226 222->227 222->228 222->229 222->230 222->231 222->232 222->234 222->235 241 446fe0-446fed 223->241 225->215 225->217 225->218 225->219 225->220 225->221 225->222 225->226 225->227 225->228 225->229 225->230 225->231 225->232 225->233 225->234 225->235 226->215 226->216 226->217 226->218 226->219 226->220 226->221 226->222 226->223 226->224 226->225 226->226 226->227 226->228 226->229 226->230 226->231 226->232 226->233 226->234 226->235 227->215 227->216 227->217 227->218 227->219 227->220 227->221 227->222 227->223 227->224 227->225 227->226 227->227 227->228 227->229 227->230 227->231 227->232 227->233 227->234 227->235 228->215 228->221 228->226 228->227 228->229 228->231 228->232 228->234 228->235 229->226 229->227 229->232 229->234 230->215 230->219 230->221 230->226 230->227 230->229 230->231 230->232 230->234 230->235 231->215 231->226 231->227 231->229 231->232 231->234 232->226 232->227 233->215 233->217 233->218 233->219 233->220 233->221 233->222 233->226 233->227 233->228 233->229 233->230 233->231 233->232 233->234 233->235 234->215 234->226 234->227 234->229 234->231 234->232 234->234 235->215 235->226 235->227 235->229 235->231 235->232 235->234 236->215 236->216 236->217 236->218 236->219 236->220 236->221 236->222 236->223 236->224 236->225 236->226 236->227 236->228 236->229 236->230 236->231 236->232 236->233 236->234 236->235 239 446f6c-446f94 call 40ccf0 236->239 240 446ed3-446ef2 236->240 237->236 238 446e59-446e5f 237->238 242 446e61-446e6f 238->242 243 446ebd-446ecc 238->243 239->215 239->216 239->217 239->218 239->219 239->220 239->221 239->222 239->223 239->224 239->225 239->226 239->227 239->228 239->229 239->230 239->231 239->232 239->233 239->234 239->235 240->206 240->215 240->216 240->217 240->218 240->219 240->220 240->221 240->222 240->223 240->224 240->225 240->226 240->227 240->228 240->229 240->230 240->231 240->232 240->233 240->234 240->235 241->241 244 446fef-44700d 241->244 248 446e70-446ebb 242->248 243->215 243->216 243->217 243->218 243->219 243->220 243->221 243->222 243->223 243->224 243->225 243->226 243->227 243->228 243->229 243->230 243->231 243->232 243->233 243->234 243->235 243->239 243->240 246 44700f 244->246 247 447039-447040 244->247 250 447010-447037 call 447340 246->250 251 4470b0-4470c2 247->251 252 447042-447054 247->252 248->243 248->248 250->247 251->215 251->216 251->217 251->218 251->219 251->220 251->221 251->222 251->225 251->226 251->227 251->228 251->229 251->230 251->231 251->232 251->233 251->234 251->235 254 447056-44705f 252->254 255 44708f-447094 252->255 257 447060-447089 254->257 255->251 258 447096-44709b 255->258 257->257 259 44708b 257->259 260 4470a0-4470ae 258->260 259->255 260->251 260->260
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: BqD
                                                                                                                                                • API String ID: 0-3419032962
                                                                                                                                                • Opcode ID: ed37e71b918876b5dfba1bae4127bdfb8174ef4fb814a6e86e8dd199f863976a
                                                                                                                                                • Instruction ID: f376534f8a50dc1160a3c9b166cd37c026a650fa92a38d3e22a91c16b018f440
                                                                                                                                                • Opcode Fuzzy Hash: ed37e71b918876b5dfba1bae4127bdfb8174ef4fb814a6e86e8dd199f863976a
                                                                                                                                                • Instruction Fuzzy Hash: 1BD1F13260C351CFC715CF28D89052AB7E2FB89356F198A7EE89187392D734EA45CB85
                                                                                                                                                Function 00446170 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
                                                                                                                                                Download Yara Rule

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 279 446170-4461a2 LdrInitializeThunk
                                                                                                                                                APIs
                                                                                                                                                • LdrInitializeThunk.NTDLL(00449900,005C003F,00000002,00000018,-0000002C), ref: 0044619E
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                • Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                                                                • Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
                                                                                                                                                • Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                                                                • Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82
                                                                                                                                                Function 0040D440 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 163threadCOMMON
                                                                                                                                                Download Yara Rule

                                                                                                                                                Control-flow Graph

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CurrentProcess$ExitInputStateThread
                                                                                                                                                • String ID: 1032$=<?>
                                                                                                                                                • API String ID: 1029096631-142149872
                                                                                                                                                • Opcode ID: 2038bd2d9c6b73b4e40e6721bc239594da0d4a758a92c2be858ddf17731f4e98
                                                                                                                                                • Instruction ID: 555f25744c8546db94be89d719047032197e0e4c17fd340f55623defcaf143b8
                                                                                                                                                • Opcode Fuzzy Hash: 2038bd2d9c6b73b4e40e6721bc239594da0d4a758a92c2be858ddf17731f4e98
                                                                                                                                                • Instruction Fuzzy Hash: B341497480C240ABD301BF99D544A1EFBE5EF52709F148C2EE5C497392C73AD8188B6B
                                                                                                                                                Function 00445D00 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 50COMMON
                                                                                                                                                Download Yara Rule

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 49 445d00-445d14 50 445d7c-445d85 call 4433c0 49->50 51 445d1b-445d22 49->51 61 445d95-445d97 50->61 53 445d87-445d88 call 4434c0 51->53 54 445d29-445d3e 51->54 62 445d8d-445d90 53->62 55 445d66-445d7a RtlReAllocateHeap 54->55 56 445d40-445d64 call 446120 54->56 60 445d92 55->60 56->55 60->61 62->60
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: 123
                                                                                                                                                • API String ID: 0-1549188022
                                                                                                                                                • Opcode ID: 3b7ffe2aac24cb1726d60088a50c21288039220aa40cb04d8e81f50c79dfa51c
                                                                                                                                                • Instruction ID: a2739fd40284dee98ce23fb6b7046590f6569b0d26867e028d520841740e6407
                                                                                                                                                • Opcode Fuzzy Hash: 3b7ffe2aac24cb1726d60088a50c21288039220aa40cb04d8e81f50c79dfa51c
                                                                                                                                                • Instruction Fuzzy Hash: 7301C4759082409BD701AF28EC0591FBBF4EF86B46F05882DF4C497212D339D911CBA7
                                                                                                                                                Function 0040EBE0 Relevance: 1.6, APIs: 1, Instructions: 101libraryCOMMON
                                                                                                                                                Download Yara Rule

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 191 40ebe0-40ec59 192 40ec95-40ece4 191->192 193 40ec5b 191->193 195 40ece6 192->195 196 40ed1c-40ed2e LoadLibraryExW call 444c50 192->196 194 40ec60-40ec93 call 411d30 193->194 194->192 198 40ecf0-40ed1a call 411cc0 195->198 202 40ed33-40ed4a 196->202 198->196
                                                                                                                                                APIs
                                                                                                                                                • LoadLibraryExW.KERNEL32(D7BFC9B3,00000000,F10E070C), ref: 0040ED26
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: LibraryLoad
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1029625771-0
                                                                                                                                                • Opcode ID: 4dc88cb0df99b8d3a98c5cdb1ec670fef7d35882cd1cc8b0d4f236a3e63d11aa
                                                                                                                                                • Instruction ID: 4cd38cbd0c32a819dd0be2aab1182d7eadff182a12367131b0f4107e1301bfc1
                                                                                                                                                • Opcode Fuzzy Hash: 4dc88cb0df99b8d3a98c5cdb1ec670fef7d35882cd1cc8b0d4f236a3e63d11aa
                                                                                                                                                • Instruction Fuzzy Hash: 39318BB0D012589BEB10DF69DC45BAEBBB5BB45304F1046AAE444B7381D3385D45CFA5
                                                                                                                                                Function 0044505A Relevance: 1.6, APIs: 1, Instructions: 70libraryCOMMON
                                                                                                                                                Download Yara Rule

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 261 44505a-44509c 262 4450c4-4450d0 LoadLibraryExW 261->262 263 44509e-44509f 261->263 265 4450d6-445104 262->265 266 445760-4457c2 262->266 264 4450a0-4450c2 call 445fe0 263->264 264->262 265->266 270 4457c4 266->270 270->270
                                                                                                                                                APIs
                                                                                                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000800), ref: 004450CC
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: LibraryLoad
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1029625771-0
                                                                                                                                                • Opcode ID: 1401677f78b509c29d26488211ab75afea7a33a3747d27f15bf2e2205be3d739
                                                                                                                                                • Instruction ID: 83e9078ad7175dbac619403ff4e3d92812a4052d2d9051f59a847d15e64dbb14
                                                                                                                                                • Opcode Fuzzy Hash: 1401677f78b509c29d26488211ab75afea7a33a3747d27f15bf2e2205be3d739
                                                                                                                                                • Instruction Fuzzy Hash: D621D274900396DFDB05CFA8D5906ADFBB0BF1A302F58445DD441B7382C334AA12CBA9
                                                                                                                                                Function 004434C0 Relevance: 1.5, APIs: 1, Instructions: 45memoryCOMMON
                                                                                                                                                Download Yara Rule

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 271 4434c0-4434cf 272 4434d6-4434f3 271->272 273 443539-44353d 271->273 274 4434f5 272->274 275 443526-443533 RtlFreeHeap 272->275 276 443500-443524 call 446090 274->276 275->273 276->275
                                                                                                                                                APIs
                                                                                                                                                • RtlFreeHeap.NTDLL(?,00000000), ref: 00443533
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FreeHeap
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3298025750-0
                                                                                                                                                • Opcode ID: f2361dc6212d74a21cb31e294bd24aa35daa0bd91e01053351e2e50b4d0e9618
                                                                                                                                                • Instruction ID: fc2577b4e93f0db1609ff2d77d0976e1a143cc53a5c5a00cb9e7c077c0dd0e2b
                                                                                                                                                • Opcode Fuzzy Hash: f2361dc6212d74a21cb31e294bd24aa35daa0bd91e01053351e2e50b4d0e9618
                                                                                                                                                • Instruction Fuzzy Hash: E1F01974508240ABD301AF18E954B0EBBE5EF56705F054C2CE4C49B262D239DC64CB96
                                                                                                                                                Function 00443498 Relevance: 1.5, APIs: 1, Instructions: 9memoryCOMMON
                                                                                                                                                Download Yara Rule

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 280 443498-4434a2 RtlAllocateHeap
                                                                                                                                                APIs
                                                                                                                                                • RtlAllocateHeap.NTDLL(?,00000000,?,?,00000000), ref: 004434A2
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                • Opcode ID: cbad0095acf85e61a526637b6e979c92ebeb1ba137fe47122b9aa8f39d59db8e
                                                                                                                                                • Instruction ID: ce2431340337354b508a90f7e092094382eca2a811d93d9dc87149ba3909bbc2
                                                                                                                                                • Opcode Fuzzy Hash: cbad0095acf85e61a526637b6e979c92ebeb1ba137fe47122b9aa8f39d59db8e
                                                                                                                                                • Instruction Fuzzy Hash: 57B00230245215B9E17317115CD5F7F1D6CDF43ED6F100454B204150D14664A541D57D

                                                                                                                                                Non-executed Functions

                                                                                                                                                Function 0041DDFF Relevance: 23.7, Strings: 18, Instructions: 1225COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: %*+($%*+($@C$L$TWVQX[ZU\_^Y$X[ZU$YZ[D$\_^Y$`cb}$defg$efg`$hkje$pqrs$twvq$x{zu$IK$Nz{$OA
                                                                                                                                                • API String ID: 0-1295941102
                                                                                                                                                • Opcode ID: 48e835f5be9040a48b08e8b35f7b5511272b6288aa07e1c1f157d3cc9bcb95d1
                                                                                                                                                • Instruction ID: 068315d960757206ca91bfe4b5e0174fc538cc8ee9f9319a078fc8026ce8db79
                                                                                                                                                • Opcode Fuzzy Hash: 48e835f5be9040a48b08e8b35f7b5511272b6288aa07e1c1f157d3cc9bcb95d1
                                                                                                                                                • Instruction Fuzzy Hash: 55A2BCB55083809BD730CF15C841BEFBBE2BFC4304F54492EE9899B281DB799985CB5A
                                                                                                                                                Function 00438660 Relevance: 22.9, APIs: 6, Strings: 7, Instructions: 101clipboardCOMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
                                                                                                                                                • String ID: 6$6$8$9$9$=$?
                                                                                                                                                • API String ID: 2832541153-2499364611
                                                                                                                                                • Opcode ID: 4ecb5cea78e22550e51f1c0766650d3c625aa133cf73940c3d24e28092cbc1b9
                                                                                                                                                • Instruction ID: 7394c3911a48552e0d11dc9b34c2007da1fa56957142a7b7922b5d5dbbba1851
                                                                                                                                                • Opcode Fuzzy Hash: 4ecb5cea78e22550e51f1c0766650d3c625aa133cf73940c3d24e28092cbc1b9
                                                                                                                                                • Instruction Fuzzy Hash: 42416A7450C3818ED301AF78958832EBFE0AB96314F14492EF4D986382D7798549CBA7
                                                                                                                                                Function 00431670 Relevance: 21.6, APIs: 2, Strings: 9, Instructions: 2329COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: *&- $*XJe$53C$:\Bz$JX`b$WXM,$]h>l$avqy$w[Nc
                                                                                                                                                • API String ID: 0-2470705936
                                                                                                                                                • Opcode ID: 0fdc167ce9c2e05a2bafd4b6b83f0d338f32d447e1db1341dbb0ee312911c54d
                                                                                                                                                • Instruction ID: 6b52d3f67adb24664c3a91c36719e14c9fa1994e195d47c860f543d90ad0f600
                                                                                                                                                • Opcode Fuzzy Hash: 0fdc167ce9c2e05a2bafd4b6b83f0d338f32d447e1db1341dbb0ee312911c54d
                                                                                                                                                • Instruction Fuzzy Hash: 0E039C70404B808AE7618F35C4907E7BBE1AF1A305F44989ED4EA8B392DB79B549CF64
                                                                                                                                                Function 0043F8E0 Relevance: 19.8, APIs: 8, Strings: 3, Instructions: 588memoryCOMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: String$Alloc$InitVariant
                                                                                                                                                • String ID: %*+($%*+($XY
                                                                                                                                                • API String ID: 3520221836-3681054843
                                                                                                                                                • Opcode ID: 360088e75a0bfdc16e152703c8ceb466edd7a1128cd954dfb99185e274686783
                                                                                                                                                • Instruction ID: 873cf424640911aa45cd168c27eba4822a74ad18274f36e812021d333af19f67
                                                                                                                                                • Opcode Fuzzy Hash: 360088e75a0bfdc16e152703c8ceb466edd7a1128cd954dfb99185e274686783
                                                                                                                                                • Instruction Fuzzy Hash: D422DD75A08301DFEB00CF24D881B6EBBE2FB89356F14892DE485973A1D738D905CB5A
                                                                                                                                                Function 00412920 Relevance: 18.6, APIs: 4, Strings: 6, Instructions: 1104COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                APIs
                                                                                                                                                • CoInitialize.OLE32(00000000), ref: 004129F2
                                                                                                                                                • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00412A14
                                                                                                                                                • GetSystemDirectoryW.KERNEL32(00000000,00000104), ref: 00412DC0
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Initialize$DirectorySecuritySystem
                                                                                                                                                • String ID: C@rH$E|IH$Nyvw$US$YW$}O{
                                                                                                                                                • API String ID: 1379780170-2937083641
                                                                                                                                                • Opcode ID: 601a931b4932948a2403d0c7624d7db1059ed815bf0903b108b5d2d569a19989
                                                                                                                                                • Instruction ID: 38e0f33ada8cfcad5abcb3afe9dd52bce474a6cad6ff29d136f25e6762998c79
                                                                                                                                                • Opcode Fuzzy Hash: 601a931b4932948a2403d0c7624d7db1059ed815bf0903b108b5d2d569a19989
                                                                                                                                                • Instruction Fuzzy Hash: 0682FFB0500B409FD7209F25C881767BBF0BF46308F14896EE4EA8B792D738B459CB99
                                                                                                                                                Function 0042C510 Relevance: 14.6, APIs: 1, Strings: 7, Instructions: 565COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: !$DE$DtsN$H-X#$S~Dw$W\T_$sDtB
                                                                                                                                                • API String ID: 0-425027836
                                                                                                                                                • Opcode ID: 7e1da9aa85fd5b99e25369d9935cc3627feeb4c8913f5c2c6ef13a2c1dcba7a0
                                                                                                                                                • Instruction ID: e1b66d668db3eaf284a4465e3d0956aa058187ba537616815b15f550d3aba65b
                                                                                                                                                • Opcode Fuzzy Hash: 7e1da9aa85fd5b99e25369d9935cc3627feeb4c8913f5c2c6ef13a2c1dcba7a0
                                                                                                                                                • Instruction Fuzzy Hash: 5612BDB0908340DBD720AF25E881A2FBBF1FB8A749F54492DF5C497262D739D910CB5A
                                                                                                                                                Function 00401000 Relevance: 10.7, Strings: 7, Instructions: 1903COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$A$gfff$gfff$gfff
                                                                                                                                                • API String ID: 0-947532036
                                                                                                                                                • Opcode ID: 996ba5dc3168681fd38e148dabe03815a128900909ee63cb8306b0a2ad223509
                                                                                                                                                • Instruction ID: 24bb21e3c4691d0f802f2e4d9f0ac50f3d80cbbb945afd05861994f8d06a46a0
                                                                                                                                                • Opcode Fuzzy Hash: 996ba5dc3168681fd38e148dabe03815a128900909ee63cb8306b0a2ad223509
                                                                                                                                                • Instruction Fuzzy Hash: ECD2D2716083518FD714CE29C48476BBBE2AF89314F188A3EE895EB3D1D778D905CB86
                                                                                                                                                Function 00401589 Relevance: 7.9, Strings: 6, Instructions: 419COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff$gfff
                                                                                                                                                • API String ID: 0-925659942
                                                                                                                                                • Opcode ID: 199267cbc64dd1aff0fa29f7712c1943bdcd0e8d47f77a3fba5e71398c634568
                                                                                                                                                • Instruction ID: b3b00cec798cd1528e2ee9d4f337dfc5343f57f5716b313ecf57be9c9f94580f
                                                                                                                                                • Opcode Fuzzy Hash: 199267cbc64dd1aff0fa29f7712c1943bdcd0e8d47f77a3fba5e71398c634568
                                                                                                                                                • Instruction Fuzzy Hash: 49E1A071A083518FD718CE28C59436FBBE2ABC5314F18893EE989A73D1D778D8458B86
                                                                                                                                                Function 0040138D Relevance: 7.9, Strings: 6, Instructions: 375COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff$gfff
                                                                                                                                                • API String ID: 0-854689426
                                                                                                                                                • Opcode ID: 969c0f03edb96067ab8def27398de18479f8ad2823b5aa3408d4fb50fcc3226b
                                                                                                                                                • Instruction ID: 2696d8f97c251a1de466447bacde96e6948098190633bd25ae01061a9d8bcc11
                                                                                                                                                • Opcode Fuzzy Hash: 969c0f03edb96067ab8def27398de18479f8ad2823b5aa3408d4fb50fcc3226b
                                                                                                                                                • Instruction Fuzzy Hash: FCD1B171A087518FC315CE28C58426BFBE1AFD5304F088A7EE9D9A73D2D278D945CB86
                                                                                                                                                Function 0040DFC0 Relevance: 7.8, Strings: 6, Instructions: 312COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: #e$D$Xf$[l$_V$
                                                                                                                                                • API String ID: 0-3536235331
                                                                                                                                                • Opcode ID: 67262b1051dd673af7e239b98ac4f8c439d4e2c351219076c9ca7b849ba843ec
                                                                                                                                                • Instruction ID: 1761856c2a82565d78c4bf05444e2d9e5f9ae0245f81a3f62c8a9502a39ae87c
                                                                                                                                                • Opcode Fuzzy Hash: 67262b1051dd673af7e239b98ac4f8c439d4e2c351219076c9ca7b849ba843ec
                                                                                                                                                • Instruction Fuzzy Hash: D6C113B450C3809BD311EF55D584A2FBBF8AB96704F140D2DE1C4AB292C779D918CBAB
                                                                                                                                                Function 004012F2 Relevance: 7.2, Strings: 5, Instructions: 925COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: 0$0$0$@$i
                                                                                                                                                • API String ID: 0-3124195287
                                                                                                                                                • Opcode ID: 4edeaa5b93483764b9d6a388038abc3ace40cc9d88d1d2ffe131e48266618e72
                                                                                                                                                • Instruction ID: c1b2f36e857e21a3adf8d70cb624002cf2f3473e490e7fe7e2f4c6f4f87173b2
                                                                                                                                                • Opcode Fuzzy Hash: 4edeaa5b93483764b9d6a388038abc3ace40cc9d88d1d2ffe131e48266618e72
                                                                                                                                                • Instruction Fuzzy Hash: C062E271A083518FD318CE28C68476BBBE1AF85704F14893EE8D9A73D1D678DD45CB8A
                                                                                                                                                Function 0042D295 Relevance: 5.7, Strings: 4, Instructions: 727COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: "$['r!$hk$rB
                                                                                                                                                • API String ID: 0-1682562665
                                                                                                                                                • Opcode ID: 0e6463dd2a01415b111909c7c3e1d0977b6b7ce78372913de24c2d6c2f1a41c6
                                                                                                                                                • Instruction ID: b4c2d6d6ba26f63a79bf277c57a7f133fb0ab336795b84b6f6cd2d81b95e67fd
                                                                                                                                                • Opcode Fuzzy Hash: 0e6463dd2a01415b111909c7c3e1d0977b6b7ce78372913de24c2d6c2f1a41c6
                                                                                                                                                • Instruction Fuzzy Hash: 5D42E2B1A08350CFD310DF29D89072BBBE2BF86314F544A2DE4959B3A2C779D905CB4A
                                                                                                                                                Function 0042D4D4 Relevance: 5.7, Strings: 4, Instructions: 675COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: "$['r!$hk$rB
                                                                                                                                                • API String ID: 0-1682562665
                                                                                                                                                • Opcode ID: 88f762bedf9fafaee3b9f48913d9a44c016105b9b4fbf06ee61f083eaedf4a66
                                                                                                                                                • Instruction ID: 9856a21ac58daef009a3e972bb09b36dda588f2d14b9a74063aefb32263dd0cb
                                                                                                                                                • Opcode Fuzzy Hash: 88f762bedf9fafaee3b9f48913d9a44c016105b9b4fbf06ee61f083eaedf4a66
                                                                                                                                                • Instruction Fuzzy Hash: 8E32F2B1A08390CFD310CF29D89072ABBE2BF86314F544A6DE4D59B3A2C779D905CB46
                                                                                                                                                Function 0042C6E1 Relevance: 5.4, Strings: 4, Instructions: 430COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: ,[$1>%;$KVQA$OFH<
                                                                                                                                                • API String ID: 0-4269818227
                                                                                                                                                • Opcode ID: b71b651a47b6dfb0c3d8f82ff67fd01b2d929465fec70549e1dde3b3852a2f98
                                                                                                                                                • Instruction ID: b8f894667c65b4dd157318e3c21b91de949b37a2d4b7c1362151cae01adca53f
                                                                                                                                                • Opcode Fuzzy Hash: b71b651a47b6dfb0c3d8f82ff67fd01b2d929465fec70549e1dde3b3852a2f98
                                                                                                                                                • Instruction Fuzzy Hash: BFE10FB16083918BC710DF29E88072FBBE1AF96345F58496EF4C19B352C339D905CB9A
                                                                                                                                                Function 0042E927 Relevance: 5.4, Strings: 4, Instructions: 426COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: bB$db$h$|8
                                                                                                                                                • API String ID: 0-91127411
                                                                                                                                                • Opcode ID: deab92c9cbc9d9de2b1c1fe956664459c393dca9077f61ac2a7ba1243478d82d
                                                                                                                                                • Instruction ID: 896ada1ff1f034f350e592ef9e933001ddcc8871c35886f94cb3d41f898676cf
                                                                                                                                                • Opcode Fuzzy Hash: deab92c9cbc9d9de2b1c1fe956664459c393dca9077f61ac2a7ba1243478d82d
                                                                                                                                                • Instruction Fuzzy Hash: A1D199B0608341CFD7109F69E89166BBBF1BF96345F44492EE486873A2D339D805CB5A
                                                                                                                                                Function 0040FC00 Relevance: 5.4, Strings: 4, Instructions: 384COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: 2$:;:9$]Z$tw
                                                                                                                                                • API String ID: 0-793706539
                                                                                                                                                • Opcode ID: 6188e216cbeb179f24fc8e628abda167621527b7d1e0a154056f1a40f7c32dea
                                                                                                                                                • Instruction ID: 036747dbfc9a0d8c62192e74824560da54d6a4c1e3741b43f6b35547dc194d56
                                                                                                                                                • Opcode Fuzzy Hash: 6188e216cbeb179f24fc8e628abda167621527b7d1e0a154056f1a40f7c32dea
                                                                                                                                                • Instruction Fuzzy Hash: 53E177705083809BD311DF148590A5FBBE1AB96748F28482EF4C89B352D37AD989DB9B
                                                                                                                                                Function 00427D03 Relevance: 5.3, Strings: 4, Instructions: 295COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: %*+($'60$:04<$~Cuq
                                                                                                                                                • API String ID: 0-2643050054
                                                                                                                                                • Opcode ID: 237d7b2a6b96ba4955b6a9243a7696b6daf2c5d7641eb66b414ab9290ffdf30c
                                                                                                                                                • Instruction ID: 49a9679fff2f7aff9eeb0649bb44144b187cb137392283ddcdfcdf80b45c828b
                                                                                                                                                • Opcode Fuzzy Hash: 237d7b2a6b96ba4955b6a9243a7696b6daf2c5d7641eb66b414ab9290ffdf30c
                                                                                                                                                • Instruction Fuzzy Hash: 0C91CE71E04268CBDB24CF99E840BAEBBB1FF45301F6484A9E855AB391DB349941CF64
                                                                                                                                                Function 0042EE40 Relevance: 5.3, Strings: 4, Instructions: 256COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: U{y$X[$tk$sq
                                                                                                                                                • API String ID: 0-2103365980
                                                                                                                                                • Opcode ID: 4b7a5d6ba5c3288a9d1afa90a90d86f5313d1c8d5784ef9a449c9005a09ef170
                                                                                                                                                • Instruction ID: 479a2e777bba1b133546996b6cbb3bc05e0ea32c95f0f30833b425fb4052de07
                                                                                                                                                • Opcode Fuzzy Hash: 4b7a5d6ba5c3288a9d1afa90a90d86f5313d1c8d5784ef9a449c9005a09ef170
                                                                                                                                                • Instruction Fuzzy Hash: A37199B45083908BD710DF15D890B2BBBF0FFA6744F94495DE4C89B3A2E3798944CB9A
                                                                                                                                                Function 00444240 Relevance: 4.3, Strings: 3, Instructions: 596COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: %*+($%*+($f
                                                                                                                                                • API String ID: 0-498254078
                                                                                                                                                • Opcode ID: cbc4eced61f62f119027366424f1f7bb3403b554a8958e8fefac7d47202699e3
                                                                                                                                                • Instruction ID: 1a6dac30fe805108a966faffdc33822bf40150380eef598f7c6b625c5c123cfc
                                                                                                                                                • Opcode Fuzzy Hash: cbc4eced61f62f119027366424f1f7bb3403b554a8958e8fefac7d47202699e3
                                                                                                                                                • Instruction Fuzzy Hash: EF129B756083419BE714CF18C890B2BBBE1BBC9714F188A2EF99597392D339DC05CB96
                                                                                                                                                Function 00420C4C Relevance: 4.1, Strings: 3, Instructions: 353COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: )E4G$G9I;$N=I?
                                                                                                                                                • API String ID: 0-3615135358
                                                                                                                                                • Opcode ID: 128d32527ceb8ce6df3ee2bb62cf3c0f97c754dda77e12158d28d93f7bed1f7f
                                                                                                                                                • Instruction ID: 24387466f040e05a76eb43b91bc72ee0861cf682cad13a710ff6240ba0847933
                                                                                                                                                • Opcode Fuzzy Hash: 128d32527ceb8ce6df3ee2bb62cf3c0f97c754dda77e12158d28d93f7bed1f7f
                                                                                                                                                • Instruction Fuzzy Hash: E0B11475E00224CBCF208F54E8416AEB7F1FF59314F554529E885BB392E339E951CBA8
                                                                                                                                                Function 0041D1D0 Relevance: 4.1, Strings: 3, Instructions: 332COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: %*+($Ow$rw
                                                                                                                                                • API String ID: 0-1519177400
                                                                                                                                                • Opcode ID: fd96287aa3d4a93aa976985ac179b5453aeecac61c8dcf1c2ff8a14e243eabd3
                                                                                                                                                • Instruction ID: f23b6244d73a815b963dfababe9a6b12f4ce0309d7f7885e65b13b10d315b4cb
                                                                                                                                                • Opcode Fuzzy Hash: fd96287aa3d4a93aa976985ac179b5453aeecac61c8dcf1c2ff8a14e243eabd3
                                                                                                                                                • Instruction Fuzzy Hash: 4EB1C1B4508340DBD730DF54D881BABB7E5FF85314F044A2EF8899B292E7399890CB66
                                                                                                                                                Function 00443DA0 Relevance: 4.0, Strings: 3, Instructions: 202COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                • String ID: %*(6$%*+($0
                                                                                                                                                • API String ID: 2994545307-3473288163
                                                                                                                                                • Opcode ID: 0077517d808b134969c0a61bd93b8cb893cfed0329f65ac13bc8b8bfc8004041
                                                                                                                                                • Instruction ID: e9680ad2f9f8eb96964dc97cff5cf50a58ca1cd9ebcea699be840100c7839991
                                                                                                                                                • Opcode Fuzzy Hash: 0077517d808b134969c0a61bd93b8cb893cfed0329f65ac13bc8b8bfc8004041
                                                                                                                                                • Instruction Fuzzy Hash: 667153B4609340ABE714DF09D890B2BBBF5FB89705F64481EF88587381C739E914CB96
                                                                                                                                                Function 00446BE5 Relevance: 3.9, Strings: 3, Instructions: 138COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: &I$[I$wq
                                                                                                                                                • API String ID: 0-4053064096
                                                                                                                                                • Opcode ID: ab1c5bca56f4b8d29862dd938c2cf0be91c4f3d54f419d971872d4bb5286f9f8
                                                                                                                                                • Instruction ID: 1fe5a67717864987b5b56f276fa3c3ec5c9c3a98a5f823a3a65e190a468f704a
                                                                                                                                                • Opcode Fuzzy Hash: ab1c5bca56f4b8d29862dd938c2cf0be91c4f3d54f419d971872d4bb5286f9f8
                                                                                                                                                • Instruction Fuzzy Hash: 6441D1B49042859FEB05CF54D5C046EBBB1FB07316B25485EE882EB257C338DE12CB6A
                                                                                                                                                Function 00433F92 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 258libraryCOMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                APIs
                                                                                                                                                • LoadLibraryExW.KERNEL32(C15BC75B,00000000,00000800), ref: 00433F6E
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: LibraryLoad
                                                                                                                                                • String ID: u}|
                                                                                                                                                • API String ID: 1029625771-2851992303
                                                                                                                                                • Opcode ID: ce68ba67ca8f733b544a0100011ff25e7e27cf4692d08a45cf3ce3330b8fdfd1
                                                                                                                                                • Instruction ID: f9190f88e36dfb6965098df4861525961f7f17c5ea778a06d28252cdd58d4410
                                                                                                                                                • Opcode Fuzzy Hash: ce68ba67ca8f733b544a0100011ff25e7e27cf4692d08a45cf3ce3330b8fdfd1
                                                                                                                                                • Instruction Fuzzy Hash: 42818370104B408AD7B18B358494BE3BBE4BF1A704F44985DE4EF9B282DF39B449CB55
                                                                                                                                                Function 00433BFE Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 248libraryCOMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                APIs
                                                                                                                                                • LoadLibraryExW.KERNEL32(C15BC75B,00000000,00000800), ref: 00433F39
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: LibraryLoad
                                                                                                                                                • String ID: u}|
                                                                                                                                                • API String ID: 1029625771-2851992303
                                                                                                                                                • Opcode ID: 78bc8ec8a3cdcad72556845b164331c21d5f2c6ee381d91a938ff75e3227c4fc
                                                                                                                                                • Instruction ID: 2bae18b7b44f6fec5e9c5cbfeb64c4ebb28a725739c8ed80fc195fa07bb6389e
                                                                                                                                                • Opcode Fuzzy Hash: 78bc8ec8a3cdcad72556845b164331c21d5f2c6ee381d91a938ff75e3227c4fc
                                                                                                                                                • Instruction Fuzzy Hash: 45818070404B808AD7B18F358490BE3BBE4BF1A705F84985DE4EF9B282CF39A549CB55
                                                                                                                                                Function 0041508C Relevance: 3.4, Strings: 2, Instructions: 940COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: {q$}[A
                                                                                                                                                • API String ID: 0-1064870701
                                                                                                                                                • Opcode ID: 2f2515f5c2b7ffa030d83e9c0e28046b561606187bb51ab8c29fd2ab7d8c9eed
                                                                                                                                                • Instruction ID: 03a1573f7b603ce9b1292b23f8fedd44f9dc0fc8fe92b0099f73fd474fbc992e
                                                                                                                                                • Opcode Fuzzy Hash: 2f2515f5c2b7ffa030d83e9c0e28046b561606187bb51ab8c29fd2ab7d8c9eed
                                                                                                                                                • Instruction Fuzzy Hash: F252AE75908780DBD705DF64D880AAFFBE5AFC6348F08492EF48993251E778D884CB5A
                                                                                                                                                Function 00403780 Relevance: 2.9, Strings: 2, Instructions: 417COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: Inf$NaN
                                                                                                                                                • API String ID: 0-3500518849
                                                                                                                                                • Opcode ID: 6767733b9d464330a70aefdc8cfb6ac49b1bf2eade0196f6ebfe0eff0bc5d5a4
                                                                                                                                                • Instruction ID: 5750af31710b7be396716ece945ac45430cfc578f763f0feedc63731ac078348
                                                                                                                                                • Opcode Fuzzy Hash: 6767733b9d464330a70aefdc8cfb6ac49b1bf2eade0196f6ebfe0eff0bc5d5a4
                                                                                                                                                • Instruction Fuzzy Hash: B0D1C472A083019BC704DF28C88061BBBE9EBC4755F158A3EF899A73D1E775DD058B86
                                                                                                                                                Function 004480A0 Relevance: 2.9, Strings: 2, Instructions: 402COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: =:;8$P
                                                                                                                                                • API String ID: 0-1969647149
                                                                                                                                                • Opcode ID: 28344b5c60bda21f0bdc4bc70e267d48a748ae1c3a8308a950d15832200931b9
                                                                                                                                                • Instruction ID: 1e8b8bdf2a542f3e92cbfeb44d373b524065b8f6be8065c92f9e99662059e54e
                                                                                                                                                • Opcode Fuzzy Hash: 28344b5c60bda21f0bdc4bc70e267d48a748ae1c3a8308a950d15832200931b9
                                                                                                                                                • Instruction Fuzzy Hash: D5D137729083604FD725CE18989071FB6E1EB85718F15863DE8B6AB380DB79DC06C7C6
                                                                                                                                                Function 00447820 Relevance: 2.8, Strings: 2, Instructions: 294COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                • String ID: =:;8$=:;8
                                                                                                                                                • API String ID: 2994545307-1685821102
                                                                                                                                                • Opcode ID: a35135be9c919232384bd6e671b4d0dbb1517dda334c2e6cc566ffdaaec23ecd
                                                                                                                                                • Instruction ID: a91d2e0b5a23a234b07f9e31dec56dce6f6508cc96fc8eb6b4ab80176d214a42
                                                                                                                                                • Opcode Fuzzy Hash: a35135be9c919232384bd6e671b4d0dbb1517dda334c2e6cc566ffdaaec23ecd
                                                                                                                                                • Instruction Fuzzy Hash: 30A1AD71608340ABF720DB15CC80B6BB7E6EB85354F544C2EF98597392E734E942CB9A
                                                                                                                                                Function 00429140 Relevance: 2.6, Strings: 2, Instructions: 141COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: ['e!$hk
                                                                                                                                                • API String ID: 0-2806763672
                                                                                                                                                • Opcode ID: 821deb910ea2da8005630f1794a8280b095369fb597dab505a02391f5c0c19bc
                                                                                                                                                • Instruction ID: c1309e704af3fc6eb13b08a1d19bf67029931396b96b62dd5e576af40f11d1b1
                                                                                                                                                • Opcode Fuzzy Hash: 821deb910ea2da8005630f1794a8280b095369fb597dab505a02391f5c0c19bc
                                                                                                                                                • Instruction Fuzzy Hash: 9A5111B450C384AFD300EF15D984A1EBBF8AB96748F94890DF1D59B251C37999088BA7
                                                                                                                                                Function 00444040 Relevance: 2.6, Strings: 2, Instructions: 136COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: %*+($uxVd
                                                                                                                                                • API String ID: 0-4108384496
                                                                                                                                                • Opcode ID: d571fb84001a311b27c760ae5d4fc1bc14b38e726fca36176443eb68829bf1b9
                                                                                                                                                • Instruction ID: 05da06c2397de99a335579e432a13c5a0717f8861c3235bd1ab541de5fa57fe6
                                                                                                                                                • Opcode Fuzzy Hash: d571fb84001a311b27c760ae5d4fc1bc14b38e726fca36176443eb68829bf1b9
                                                                                                                                                • Instruction Fuzzy Hash: E341EF71508204EBEB20DF54DC45B2BBBA6EFD5301F14842EEA8593351D73AEC60DB5A
                                                                                                                                                Function 00449D20 Relevance: 2.6, Strings: 2, Instructions: 102COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                • String ID: =:;8$@
                                                                                                                                                • API String ID: 2994545307-1758559817
                                                                                                                                                • Opcode ID: 3708f71c43ed80b5337cd89b4e6d032253459fb3c81ad0b230c899547dae0e26
                                                                                                                                                • Instruction ID: 7748d085d769de4df17560be8deaa0b9b868d3d977420cebb3d28721fc94e744
                                                                                                                                                • Opcode Fuzzy Hash: 3708f71c43ed80b5337cd89b4e6d032253459fb3c81ad0b230c899547dae0e26
                                                                                                                                                • Instruction Fuzzy Hash: 9C319C719083048BD314DF54D881A2BFBF5EF89305F14892DE59897391D379D904CB9A
                                                                                                                                                Function 00446C5A Relevance: 2.6, Strings: 2, Instructions: 91COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: &I$wq
                                                                                                                                                • API String ID: 0-356460525
                                                                                                                                                • Opcode ID: d293ce42fe70478f230bdb60bfccd220a3009f50ea123d14ca5dee4218630023
                                                                                                                                                • Instruction ID: c606a23a42dd016db69cca957979e520dbc8919df0b1a6e5504e9e4409553baa
                                                                                                                                                • Opcode Fuzzy Hash: d293ce42fe70478f230bdb60bfccd220a3009f50ea123d14ca5dee4218630023
                                                                                                                                                • Instruction Fuzzy Hash: D6318D749012458BDF04CF95C5C45AEBB71FB12326B644489D841AF35BC3389A12CB7A
                                                                                                                                                Function 0042A280 Relevance: 2.6, Strings: 2, Instructions: 78COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: 8:$<>
                                                                                                                                                • API String ID: 0-2607517028
                                                                                                                                                • Opcode ID: f191b6225047ce9ac79211f89af6dbe54f23a12f9d7d45ec6ab146bc94458933
                                                                                                                                                • Instruction ID: 0e3f2d000814e27ebf642ea3fc307db00a563544b109cb512792b31d20cb6d2e
                                                                                                                                                • Opcode Fuzzy Hash: f191b6225047ce9ac79211f89af6dbe54f23a12f9d7d45ec6ab146bc94458933
                                                                                                                                                • Instruction Fuzzy Hash: 8C2147785093918AC7308F20E5007ABB7F1FF82745FA4595EE8C89B254EB38C951CB9B
                                                                                                                                                Function 00405320 Relevance: 1.8, Strings: 1, Instructions: 565COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: %1.17g
                                                                                                                                                • API String ID: 0-1551345525
                                                                                                                                                • Opcode ID: dd6a7eb2d0d7bbb63a615d1e3754048cbe5650e35b3cbbf375799f2681c3fbff
                                                                                                                                                • Instruction ID: 9e7591791ad0f454e87cde0222c78f12d4fd32dc9f84a582a68d41016156be40
                                                                                                                                                • Opcode Fuzzy Hash: dd6a7eb2d0d7bbb63a615d1e3754048cbe5650e35b3cbbf375799f2681c3fbff
                                                                                                                                                • Instruction Fuzzy Hash: EB1206B5A04B418BD7248E14D480327BBA2EFA1314F19857FD8996B3D1E379DC05CF4A
                                                                                                                                                Function 00426FF0 Relevance: 1.7, APIs: 1, Instructions: 242comCOMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                APIs
                                                                                                                                                • CoCreateInstance.OLE32(0044CB80,00000000,00000001,0044CB70), ref: 00427019
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CreateInstance
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 542301482-0
                                                                                                                                                • Opcode ID: ec27573f70f5e747fdf06321336757e1522e122a1f082b3c8c64d933f0084cb7
                                                                                                                                                • Instruction ID: 1dd9ba42d1134c331707e76eb789f7df9472961eee14d6a098fc4a49939699d2
                                                                                                                                                • Opcode Fuzzy Hash: ec27573f70f5e747fdf06321336757e1522e122a1f082b3c8c64d933f0084cb7
                                                                                                                                                • Instruction Fuzzy Hash: C551E0B17083209BDB209B24EC86B7733B4EF86758F444559F985CB391E379E805C76A
                                                                                                                                                Function 0042B830 Relevance: 1.7, Strings: 1, Instructions: 457COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: %*+(
                                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                                • Opcode ID: 887bcb71e6d876f3e014cf56117bb170a8e51405aadb3a0b295df84bfe238741
                                                                                                                                                • Instruction ID: f9febf01f33fa36a7d1ddb789204e0492b300cd01202f1c206ecb09263a886c3
                                                                                                                                                • Opcode Fuzzy Hash: 887bcb71e6d876f3e014cf56117bb170a8e51405aadb3a0b295df84bfe238741
                                                                                                                                                • Instruction Fuzzy Hash: E7F188B4518344DFE3209F19E841B2BBBF5FB8A705F94882DF58887262D735D814CB9A
                                                                                                                                                Function 00430590 Relevance: 1.7, Strings: 1, Instructions: 426COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: "
                                                                                                                                                • API String ID: 0-123907689
                                                                                                                                                • Opcode ID: 8a10a5681b2d5c1321d14bc6849af6036fd86266613414d189da376854f8adda
                                                                                                                                                • Instruction ID: a7ce59651d0f1017d8e90d6f75074ff501fb05f5f21ec41f2c7a0edceb7c194d
                                                                                                                                                • Opcode Fuzzy Hash: 8a10a5681b2d5c1321d14bc6849af6036fd86266613414d189da376854f8adda
                                                                                                                                                • Instruction Fuzzy Hash: 11D116B2A043045BD724DE25D4A176FB7D5AF98310F19972FE89A87382D73CDC048B96
                                                                                                                                                Function 0042A3A8 Relevance: 1.7, Strings: 1, Instructions: 413COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: 01
                                                                                                                                                • API String ID: 0-3477152822
                                                                                                                                                • Opcode ID: 674cb8e8adf0315d6a6fffb6ac0f4a13a69d8baabf21808da83b8701c7c45dbe
                                                                                                                                                • Instruction ID: 7e134364cd7e184ee4634b8f381546ae3e067e8cf23b76fa9936b622e07eefea
                                                                                                                                                • Opcode Fuzzy Hash: 674cb8e8adf0315d6a6fffb6ac0f4a13a69d8baabf21808da83b8701c7c45dbe
                                                                                                                                                • Instruction Fuzzy Hash: 4FD1BD71A083228BC314DF24E58062BB3F2FF85B45F948D1DE8C597251E738D965CB9A
                                                                                                                                                Function 0042F1B0 Relevance: 1.6, Strings: 1, Instructions: 337COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: c5V3
                                                                                                                                                • API String ID: 0-2034645838
                                                                                                                                                • Opcode ID: 41b5bee89015c9d7273252287537bd235302f0ec3de3bbfb0e4c2616ac2d136d
                                                                                                                                                • Instruction ID: 53da8b907d0e7fd06adce62e70ed86e252d15535f9b3330e2a1b3c94f45f4202
                                                                                                                                                • Opcode Fuzzy Hash: 41b5bee89015c9d7273252287537bd235302f0ec3de3bbfb0e4c2616ac2d136d
                                                                                                                                                • Instruction Fuzzy Hash: B5C1A9B0508351EBD310DF25E88062BBBF4EF8A745F940D2DE5D09B262D339D849CB9A
                                                                                                                                                Function 00433335 Relevance: 1.5, Strings: 1, Instructions: 298COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: *&- $*XJe$53C$:\Bz$JX`b$WXM,$]h>l$avqy$w[Nc
                                                                                                                                                • API String ID: 0-2470705936
                                                                                                                                                • Opcode ID: 24524302bc7e1c2d4906d3de34d7e6b3f5bcfbafb4094b9b0bee2a8fe50574e8
                                                                                                                                                • Instruction ID: 06cb31238f2708f74529d9e64c999bfe1108be11ab1fcac4888e2b6564f48832
                                                                                                                                                • Opcode Fuzzy Hash: 24524302bc7e1c2d4906d3de34d7e6b3f5bcfbafb4094b9b0bee2a8fe50574e8
                                                                                                                                                • Instruction Fuzzy Hash: 79A18C70508B908ED7B6CF3984907E3BBE0AF1A705F44985ED4EB87382DB39A549CB54
                                                                                                                                                Function 004486E0 Relevance: 1.5, Strings: 1, Instructions: 282COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: ;:9
                                                                                                                                                • API String ID: 0-2043501942
                                                                                                                                                • Opcode ID: d97c8967657955cd276d75c2220febe862feceba931881bd9131a1eb9477a50b
                                                                                                                                                • Instruction ID: 166ecc30c5c5a5a7167127fa5737624ab005f046829d42ae61d4228b8a6f3c35
                                                                                                                                                • Opcode Fuzzy Hash: d97c8967657955cd276d75c2220febe862feceba931881bd9131a1eb9477a50b
                                                                                                                                                • Instruction Fuzzy Hash: 8B91DE35608301CFD704DF68E89462AB3F1FB9931AF1A887DD5C58B262D735E8A0DB85
                                                                                                                                                Function 0040ABD0 Relevance: 1.5, Strings: 1, Instructions: 265COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: ,
                                                                                                                                                • API String ID: 0-3772416878
                                                                                                                                                • Opcode ID: 131505312b1bb27240f6dfea1676a2032a3f3cfce7b42a5a030031ec475c37fa
                                                                                                                                                • Instruction ID: 0d3a0fd5714317418c3eb196ea8662ca4d558a8104d2ea2566d1d9a8add1c3b8
                                                                                                                                                • Opcode Fuzzy Hash: 131505312b1bb27240f6dfea1676a2032a3f3cfce7b42a5a030031ec475c37fa
                                                                                                                                                • Instruction Fuzzy Hash: 23B128711093819FD321CF28C88461BBBE0AFA9704F484A6DE5D997782D635E918CBA7
                                                                                                                                                Function 00436820 Relevance: 1.5, Strings: 1, Instructions: 246COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: u
                                                                                                                                                • API String ID: 0-4067256894
                                                                                                                                                • Opcode ID: 94b029f3c60ce75e62be44490500d877d2167121d91c2291b73e7ba48a2c5e0e
                                                                                                                                                • Instruction ID: 68ec843625a05ae49eae94000774ad56e911688258ea5f3b4ebefd13b221d55d
                                                                                                                                                • Opcode Fuzzy Hash: 94b029f3c60ce75e62be44490500d877d2167121d91c2291b73e7ba48a2c5e0e
                                                                                                                                                • Instruction Fuzzy Hash: E0813B3660A6825BD3186A3C8C5236BBA934FDB334F2ED76FD4F1873E1D56988028355
                                                                                                                                                Function 00438210 Relevance: 1.5, Strings: 1, Instructions: 211COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                • 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 004383AF
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
                                                                                                                                                • API String ID: 0-2471034898
                                                                                                                                                • Opcode ID: f98e4125642b6f7303aa62eec2f0332706fb531fa66a8e9c4ef2ae392f571223
                                                                                                                                                • Instruction ID: afe642b493d438ff6f411e546c264eb9921c7e99f8502b6c9c7e09c9db7d701f
                                                                                                                                                • Opcode Fuzzy Hash: f98e4125642b6f7303aa62eec2f0332706fb531fa66a8e9c4ef2ae392f571223
                                                                                                                                                • Instruction Fuzzy Hash: AB617E37A097A147C7144A3C5C902A6EA421B9B330F3D93BFFCB19B3D1C9598C06439A
                                                                                                                                                Function 00444C90 Relevance: 1.4, Strings: 1, Instructions: 198COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: %*+(
                                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                                • Opcode ID: 07c16a6ef3fe6f820211a56e88c2e791172652be10c3ec7f67f1fdbf28740199
                                                                                                                                                • Instruction ID: 11df42af5caca9a72f970213e677b6119b7b450c67af953d7501706f7e9fc4bc
                                                                                                                                                • Opcode Fuzzy Hash: 07c16a6ef3fe6f820211a56e88c2e791172652be10c3ec7f67f1fdbf28740199
                                                                                                                                                • Instruction Fuzzy Hash: 7261D070A083419BF715DF14C880B2BBBE6FBC5305F28892EE58587392C739E811CB1A
                                                                                                                                                Function 0043F4E0 Relevance: 1.4, Strings: 1, Instructions: 184COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                • String ID: %*+( C
                                                                                                                                                • API String ID: 2994545307-954077416
                                                                                                                                                • Opcode ID: be922c0c939adc15175b50bb0660fc841a115826d8249c1c4825361db5d4de66
                                                                                                                                                • Instruction ID: 7d8234139b4eac5119e5410618e58e09199086dd3060237d38e04b2fd45e5bbf
                                                                                                                                                • Opcode Fuzzy Hash: be922c0c939adc15175b50bb0660fc841a115826d8249c1c4825361db5d4de66
                                                                                                                                                • Instruction Fuzzy Hash: A751F774A09300ABD715AF14C990A3FF7E6EB49301F58982DE4C583362D334DC15CB5A
                                                                                                                                                Function 00447630 Relevance: 1.4, Strings: 1, Instructions: 178COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: =:;8
                                                                                                                                                • API String ID: 0-508151936
                                                                                                                                                • Opcode ID: 54dd48c072afd03b892454620e1bfa117142463bc0d3358ed4961d22c0e2c537
                                                                                                                                                • Instruction ID: f53b1cf1d2d43ff6166c1cf3a92ff21f60dfaf417fc550a19b6e158e7f211dc2
                                                                                                                                                • Opcode Fuzzy Hash: 54dd48c072afd03b892454620e1bfa117142463bc0d3358ed4961d22c0e2c537
                                                                                                                                                • Instruction Fuzzy Hash: 6551387160C3009BE714AA18CC90B2FB7E2FB85355F688A2DE9D557392D335EC12C75A
                                                                                                                                                Function 00428472 Relevance: 1.4, Strings: 1, Instructions: 176COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: %*+(
                                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                                • Opcode ID: c229e05f35e7c4b4cdeb9b76f30375a976e6b8e08d527192388afd39e4f33a85
                                                                                                                                                • Instruction ID: 6c7052a7ca44585b34384a6096d7f96d95edd8748b8cce9ea63459a4869a42d4
                                                                                                                                                • Opcode Fuzzy Hash: c229e05f35e7c4b4cdeb9b76f30375a976e6b8e08d527192388afd39e4f33a85
                                                                                                                                                • Instruction Fuzzy Hash: 6A51B039A01226CFDB04CF58DC91BADB7B2FF88301F1884B9D905AB282C775E951CB54
                                                                                                                                                Function 00443B60 Relevance: 1.4, Strings: 1, Instructions: 155COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: %*+(
                                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                                • Opcode ID: 281d42262116a6846f27f4ac80bfbbe8ec96dc12998bac32fe8126af14675107
                                                                                                                                                • Instruction ID: f12b6d9916bf27ae298f80edd43f87298b307b2ef20082737f3276c392ad6ab7
                                                                                                                                                • Opcode Fuzzy Hash: 281d42262116a6846f27f4ac80bfbbe8ec96dc12998bac32fe8126af14675107
                                                                                                                                                • Instruction Fuzzy Hash: 4A41A1756083409BEB249F15D990A2BB7E5EF85B06F14882EE4C597352C339EE10CB16
                                                                                                                                                Function 00415E11 Relevance: 1.4, Strings: 1, Instructions: 141COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: R_A
                                                                                                                                                • API String ID: 0-2894140241
                                                                                                                                                • Opcode ID: 855d8a104527a6a22150e8fec24d1a556a90c03b99cb0bcb1a08bb1d239c8c8d
                                                                                                                                                • Instruction ID: ec5b3addcea719a6fcf74cd29254c95d7c148a3c106f125ae26d6e5b54084fb4
                                                                                                                                                • Opcode Fuzzy Hash: 855d8a104527a6a22150e8fec24d1a556a90c03b99cb0bcb1a08bb1d239c8c8d
                                                                                                                                                • Instruction Fuzzy Hash: 90411676908310DFDB109F20DC417AA77E5AFC6314F04493DF49AA7391E739D945878A
                                                                                                                                                Function 00449A10 Relevance: 1.4, Strings: 1, Instructions: 139COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: =:;8
                                                                                                                                                • API String ID: 0-508151936
                                                                                                                                                • Opcode ID: 252199f6b865f99cd35cc75fed087e4e72d4e37f0220f0a6ac4012d7f4c8ead0
                                                                                                                                                • Instruction ID: 05a97aee27dffb00dbd51095f055f4dfe11aa80a2f7f1c92f31228a217469a40
                                                                                                                                                • Opcode Fuzzy Hash: 252199f6b865f99cd35cc75fed087e4e72d4e37f0220f0a6ac4012d7f4c8ead0
                                                                                                                                                • Instruction Fuzzy Hash: 0741AD34608340ABE7149F15ED90B2FB7A6FB85714F24882EF48997352D338EC10EB5A
                                                                                                                                                Function 00449BA0 Relevance: 1.4, Strings: 1, Instructions: 136COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: =:;8
                                                                                                                                                • API String ID: 0-508151936
                                                                                                                                                • Opcode ID: 885c6c10047bc4ed0b570366a3fb4b3bebb2772f983fa8e19c40e832167c6665
                                                                                                                                                • Instruction ID: 759e4d3430cde1113ce86e8a34bb78e59f8996fcf463a934eed28b76126d2c1c
                                                                                                                                                • Opcode Fuzzy Hash: 885c6c10047bc4ed0b570366a3fb4b3bebb2772f983fa8e19c40e832167c6665
                                                                                                                                                • Instruction Fuzzy Hash: 5F41AE74608300ABE7149F15D9D0B2BB7E6EB85715F24882DF4899B392D339EC10DB5A
                                                                                                                                                Function 0041D672 Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: %*+(
                                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                                • Opcode ID: 733a2dbd1cf4672a115e637de9dafb62a3098bf24dbbcf4e5888588c2816f7c5
                                                                                                                                                • Instruction ID: d6c46c66ae9e6c5d1d19b663e2ea9136945d175d09991c158c64094f61309ff6
                                                                                                                                                • Opcode Fuzzy Hash: 733a2dbd1cf4672a115e637de9dafb62a3098bf24dbbcf4e5888588c2816f7c5
                                                                                                                                                • Instruction Fuzzy Hash: 2041CEB5908340DFE7209F14DC00BABB3E1FB85705F45482EE888D7292E739D8A0CB46
                                                                                                                                                Function 0041F1D6 Relevance: 1.3, Strings: 1, Instructions: 65COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: %*+(
                                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                                • Opcode ID: 4ecaa68750894424e067e98bf0d20a1b22babd46e09aa345b509e8e24610b141
                                                                                                                                                • Instruction ID: a6c9ce00cba962c7c3dada17f7fdb58dfd8cba5fbe56f3e409aa767892d6adfc
                                                                                                                                                • Opcode Fuzzy Hash: 4ecaa68750894424e067e98bf0d20a1b22babd46e09aa345b509e8e24610b141
                                                                                                                                                • Instruction Fuzzy Hash: DF21A1756087418FC724DF50D8407ABB3A3FBC5342F998A2DE0889B241EB35E995CB5A
                                                                                                                                                Function 0041D733 Relevance: 1.3, Strings: 1, Instructions: 43COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: %*+(
                                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                                • Opcode ID: b48c7630343390b3a8e9737404bf7ddddcf45d4d8cc301cdf950801ecadfe327
                                                                                                                                                • Instruction ID: 467a029f645a2142064093daf3857129aa1f7519d3d2f2b5e9473d916f879c2c
                                                                                                                                                • Opcode Fuzzy Hash: b48c7630343390b3a8e9737404bf7ddddcf45d4d8cc301cdf950801ecadfe327
                                                                                                                                                • Instruction Fuzzy Hash: EF115BB49093908BD7208F5494407ABB7E2BB85305F59492EE48DA7281D739D890CB5A
                                                                                                                                                Function 00416319 Relevance: 1.3, Strings: 1, Instructions: 35COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: *:
                                                                                                                                                • API String ID: 0-3904767845
                                                                                                                                                • Opcode ID: 317a3e2dbef9a5b92eb774d5d7bc237b065a66ea56b3334d113ad8a41e243999
                                                                                                                                                • Instruction ID: b7f778086449c3eb0137174c245c1d9e42db36ab03648f51802886adca72a67a
                                                                                                                                                • Opcode Fuzzy Hash: 317a3e2dbef9a5b92eb774d5d7bc237b065a66ea56b3334d113ad8a41e243999
                                                                                                                                                • Instruction Fuzzy Hash: 7C0162314083808BD3109B54D455B6BF7F4FF8A308F080A2EE5C9B7292D338D6048B2B
                                                                                                                                                Function 0040C210 Relevance: .8, Instructions: 831COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 5fd26393617856e3c2acf54515b9dd5ddd27122736f2a2b69c35036bece5926b
                                                                                                                                                • Instruction ID: 179032f12f22df4b8eb37ecbda361d27a15dad5cbb10d81a9cca6dc2c1375ba5
                                                                                                                                                • Opcode Fuzzy Hash: 5fd26393617856e3c2acf54515b9dd5ddd27122736f2a2b69c35036bece5926b
                                                                                                                                                • Instruction Fuzzy Hash: E842D532A04725CBC7249F18D8C026BB3E1FFD4315F158B3ED996A72C1D738A9558B8A
                                                                                                                                                Function 0040B700 Relevance: .7, Instructions: 670COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 8f92698deaff8939c339fccb0f6a3cc66705d472c08b73d3bd7e991e7649a8ee
                                                                                                                                                • Instruction ID: 2f79066177d34c8e895ea1b2e84f5c690b05b2b1254f0cdf5d6c225214919f47
                                                                                                                                                • Opcode Fuzzy Hash: 8f92698deaff8939c339fccb0f6a3cc66705d472c08b73d3bd7e991e7649a8ee
                                                                                                                                                • Instruction Fuzzy Hash: 2F529070A087848FEB358B24C4847A7BBE1EB91314F14493ED5E656BC6C37DA885CB8D
                                                                                                                                                Function 004073D0 Relevance: .7, Instructions: 657COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 37804d0beffa80cf22a95da8fb3c7ddbc735901a0654d68907e0afcfec5e073f
                                                                                                                                                • Instruction ID: 7e7a3d20024d16f2f1ec0159e87d0553ddb1ba7e41c287eb9bd16d3c1bf9a147
                                                                                                                                                • Opcode Fuzzy Hash: 37804d0beffa80cf22a95da8fb3c7ddbc735901a0654d68907e0afcfec5e073f
                                                                                                                                                • Instruction Fuzzy Hash: 1A52C27190C3458FCB15CF18C0906AABBE1FF89314F18897EE89967381D778E949CB86
                                                                                                                                                Function 00407DD0 Relevance: .6, Instructions: 592COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 45b6ecd5fba9f7a55768fb7de1a0358b410302586bb6fd790ad3ec88ecfc0687
                                                                                                                                                • Instruction ID: 38d2d3b7ba493b0d29d8285af648369fe573881a89b1f301cef14c62c1dcf11c
                                                                                                                                                • Opcode Fuzzy Hash: 45b6ecd5fba9f7a55768fb7de1a0358b410302586bb6fd790ad3ec88ecfc0687
                                                                                                                                                • Instruction Fuzzy Hash: 84321370914B118FC368CF29C69052ABBF1BF85710B604A2ED6D797B90DB3AB845CB18
                                                                                                                                                Function 00448BE0 Relevance: .5, Instructions: 541COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 8fe54cdf1ecdaec582b565a461110b8162f9ddcb61d1fb0a2152f14216461e9a
                                                                                                                                                • Instruction ID: a40ff6c43f9f244f78c5a82676b7b6b98954f686d4d278fac8d9b223ff6f4173
                                                                                                                                                • Opcode Fuzzy Hash: 8fe54cdf1ecdaec582b565a461110b8162f9ddcb61d1fb0a2152f14216461e9a
                                                                                                                                                • Instruction Fuzzy Hash: C8F1BE3560D340DFD708DF28D89062EB7E2FB8A305F19896DE9898B392C739D854CB56
                                                                                                                                                Function 0040A680 Relevance: .4, Instructions: 448COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 5399b1bb572af801badaa37716df09e2c6aff5af66002a532ad583c85112ac44
                                                                                                                                                • Instruction ID: 7990fb29706556707dde4fd5fad898feee0c51d8f3dfd2d56199bf50cbec7d80
                                                                                                                                                • Opcode Fuzzy Hash: 5399b1bb572af801badaa37716df09e2c6aff5af66002a532ad583c85112ac44
                                                                                                                                                • Instruction Fuzzy Hash: F4F1D0356083418FC724CF29C88166BFBE2EFD9304F08892EE5D587791E679E854CB96
                                                                                                                                                Function 00427250 Relevance: .4, Instructions: 431COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 11636e97cc9e1b13f5c9c812d885e02fcaf38fb5c399c1e31036fbb801fa8f76
                                                                                                                                                • Instruction ID: 0cdddc02200e710996c9f464b2c0e16f8fae38d8edd5e86623daa92770803a83
                                                                                                                                                • Opcode Fuzzy Hash: 11636e97cc9e1b13f5c9c812d885e02fcaf38fb5c399c1e31036fbb801fa8f76
                                                                                                                                                • Instruction Fuzzy Hash: 33C1C07160C2209BD711EF15E841A2BB7F1EF96314F48481EF8C59B352E339D954CBAA
                                                                                                                                                Function 0040CF10 Relevance: .4, Instructions: 388COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 6a16511359572a211e44db4d017724f983ed57499440677c537153cc7e8df251
                                                                                                                                                • Instruction ID: d1dc7cc3517d3da3b7596efd16a34da9a0b9da04abc1e7c3f9beb679c80cb8db
                                                                                                                                                • Opcode Fuzzy Hash: 6a16511359572a211e44db4d017724f983ed57499440677c537153cc7e8df251
                                                                                                                                                • Instruction Fuzzy Hash: B9D11A71E083454BC3148E69D8D025BB7E3EBC1324F19C63EE8A55B3D5D67C9D0A8B86
                                                                                                                                                Function 00447BE0 Relevance: .3, Instructions: 325COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 9f218593850381a6470916a938c8b175638f7679d89ee5ca95996b180ea1f7b8
                                                                                                                                                • Instruction ID: c9e57fddc4b5059fee863ebfc4717d9e4b53c487b5aa1af8129d73eb291600a5
                                                                                                                                                • Opcode Fuzzy Hash: 9f218593850381a6470916a938c8b175638f7679d89ee5ca95996b180ea1f7b8
                                                                                                                                                • Instruction Fuzzy Hash: 46A105B1A0C3505BF7209F29CC84B2BB7E5EF85314F18492EE99897352E739DC068796
                                                                                                                                                Function 00416866 Relevance: .3, Instructions: 317COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: d113d7714e9cf4a71358f343ff61d6d616e238023072c940eb22c9515d8f64a4
                                                                                                                                                • Instruction ID: 198fbd16f1d85bd402acf33399e9c59ac2efad4e2ff8bddcaaed117cf40b1fea
                                                                                                                                                • Opcode Fuzzy Hash: d113d7714e9cf4a71358f343ff61d6d616e238023072c940eb22c9515d8f64a4
                                                                                                                                                • Instruction Fuzzy Hash: 5AB136754183809BD310DB54D880B6FFBE4BF86308F55492EF48997292E779D888CB6B
                                                                                                                                                Function 0040B270 Relevance: .3, Instructions: 303COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: c48c829b0cf2cbc4580a6ff7763ab4075973b40cc397e4fccb5515b17566094a
                                                                                                                                                • Instruction ID: 0234ceb963d8a02704c1e57bcfff9fe46afb523a25e9fe19499d52599f9026f9
                                                                                                                                                • Opcode Fuzzy Hash: c48c829b0cf2cbc4580a6ff7763ab4075973b40cc397e4fccb5515b17566094a
                                                                                                                                                • Instruction Fuzzy Hash: CDC14AB29487418FC360CF28DC96BABB7E1EF85318F08492DD1D9D6342E778A155CB4A
                                                                                                                                                Function 00448F50 Relevance: .3, Instructions: 277COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: a94fd9aed8d6464f93a3c7e3c01e75f9f85fb14a496f472ed7380c30d0412349
                                                                                                                                                • Instruction ID: d1856f2df7b17df036322d035787986b50e5d5ead949585b24561e3f96d87a88
                                                                                                                                                • Opcode Fuzzy Hash: a94fd9aed8d6464f93a3c7e3c01e75f9f85fb14a496f472ed7380c30d0412349
                                                                                                                                                • Instruction Fuzzy Hash: 00718C346083409FD704DF28D99062EB7E6EF8A715F08886DE9C98B352D339DC54DB56
                                                                                                                                                Function 0040937E Relevance: .3, Instructions: 271COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: b0ef1785d72f85255e1e48e5b08f02b99cae4b70ce7c4ddbeaeeac40e331766d
                                                                                                                                                • Instruction ID: da4701f7a8a59232985f5eb7826d161c8a40ede4280be22fc3981c3486a237f8
                                                                                                                                                • Opcode Fuzzy Hash: b0ef1785d72f85255e1e48e5b08f02b99cae4b70ce7c4ddbeaeeac40e331766d
                                                                                                                                                • Instruction Fuzzy Hash: AEB1AB79208201CFD708CF25D86076A7BE1FB89355F18897DE84687391D738D986CF85
                                                                                                                                                Function 004214D3 Relevance: .2, Instructions: 248COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 784783a52b8a3d62a329717329e0ca1320d973b9daf5a27f063a18c6152c18b4
                                                                                                                                                • Instruction ID: af15282fea1b0d4e313f27ad5009ceaba83f809070ec496722640b7832397f3c
                                                                                                                                                • Opcode Fuzzy Hash: 784783a52b8a3d62a329717329e0ca1320d973b9daf5a27f063a18c6152c18b4
                                                                                                                                                • Instruction Fuzzy Hash: 29619AB0508350DBD311AF19E891A2BB7F0EFA2745F48495EF4C59B262E33AC911CB5B
                                                                                                                                                Function 004214EA Relevance: .2, Instructions: 244COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 6d99b82aa8ddc21967d82e361e1d2274e7ac84d13d086154e7058d46dc646937
                                                                                                                                                • Instruction ID: 7111a839e9d3c91cfaf48d60914ca5a6afb26961dd233a537396bda51b9bc6b6
                                                                                                                                                • Opcode Fuzzy Hash: 6d99b82aa8ddc21967d82e361e1d2274e7ac84d13d086154e7058d46dc646937
                                                                                                                                                • Instruction Fuzzy Hash: F461AAB0608350DBC311AF19E891A2BB7F0EFA2755F48495EF4C59B262D33AC911CB5B
                                                                                                                                                Function 00416574 Relevance: .2, Instructions: 232COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: e72aa7a498b2b9b2dfecdd60ee23e0f4f9d1c2478f50c3c5e971454d0b5e0c81
                                                                                                                                                • Instruction ID: ab1f1018790031ee9c7c10a6f7340843e4bf55e4f70f010004c05f7dbce76356
                                                                                                                                                • Opcode Fuzzy Hash: e72aa7a498b2b9b2dfecdd60ee23e0f4f9d1c2478f50c3c5e971454d0b5e0c81
                                                                                                                                                • Instruction Fuzzy Hash: F58148755083809BD310DB54D880BAFFBE4AF86308F154D1EE4D897291E7B9D888CB6A
                                                                                                                                                Function 0042DB4B Relevance: .2, Instructions: 216COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 270b97007977c48ba5376386b21794ec2fcb6a5a0464c1c1fc117d1d76f24f76
                                                                                                                                                • Instruction ID: 673c6b3bbbd53f9c22ccfe51b5a6f695aa7f56030b97dac0bd30af74e8f096ee
                                                                                                                                                • Opcode Fuzzy Hash: 270b97007977c48ba5376386b21794ec2fcb6a5a0464c1c1fc117d1d76f24f76
                                                                                                                                                • Instruction Fuzzy Hash: AD5119B3F047194FD714DE29DC9022AF7D2ABC4210F5A863DD9699B382EA78EC0587C1
                                                                                                                                                Function 004365E0 Relevance: .2, Instructions: 194COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: ab142ebe5769f5d5514a8bc349562a83129f8e9972c3143ae3e22d1548ba5ff3
                                                                                                                                                • Instruction ID: b52e754ff7f7bdcd96bdcc20424ae0671895b43bfbd965ceef7946b1b7f15a2a
                                                                                                                                                • Opcode Fuzzy Hash: ab142ebe5769f5d5514a8bc349562a83129f8e9972c3143ae3e22d1548ba5ff3
                                                                                                                                                • Instruction Fuzzy Hash: D4516C2620E58257D7289A3C4C623B96A834FDB374F3ED72FD5B2873D1C61D4402431A
                                                                                                                                                Function 0043EC60 Relevance: .2, Instructions: 189COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: d531771b5ac3b43f583770d02df8f3e1e7f618f6241c98f58e7b1b724ce75ce4
                                                                                                                                                • Instruction ID: 855ce3d2ff55087a3fe446360c4d7d2d80b6ecc8f2b3d94c0b0b5af49f22110f
                                                                                                                                                • Opcode Fuzzy Hash: d531771b5ac3b43f583770d02df8f3e1e7f618f6241c98f58e7b1b724ce75ce4
                                                                                                                                                • Instruction Fuzzy Hash: 8E515CB15087548FE314DF29D49535BBBE1BBC8318F044E2EE4E987391E379DA088B86
                                                                                                                                                Function 00406E30 Relevance: .2, Instructions: 174COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 0173b49a01aa6f585f93fec65d7f76c73ce0402e069515b85d07bbe0d6abbdfc
                                                                                                                                                • Instruction ID: 3141c5b1859c4b1ed9a37be143eb06df05074a468c29e561fd46d3f232faac6f
                                                                                                                                                • Opcode Fuzzy Hash: 0173b49a01aa6f585f93fec65d7f76c73ce0402e069515b85d07bbe0d6abbdfc
                                                                                                                                                • Instruction Fuzzy Hash: 6A41E922B0C2764BC7149A7DCC5027ABAD64FC5214F1E837AE8CAEB7C6E5789C1053D9
                                                                                                                                                Function 004210D0 Relevance: .2, Instructions: 172COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: c978601841f293907c565e382e04f250fbca0c5c93ea7255ffc38724c8199d3e
                                                                                                                                                • Instruction ID: 5ce560d5a09dffc801b9713141ef514529169b63506e356245f8ffced50adb6c
                                                                                                                                                • Opcode Fuzzy Hash: c978601841f293907c565e382e04f250fbca0c5c93ea7255ffc38724c8199d3e
                                                                                                                                                • Instruction Fuzzy Hash: 9C418B70508350CBD310DF18D49192BB7F0FFA6398F548A4DE9959B3A1E779D900CBAA
                                                                                                                                                Function 00405C00 Relevance: .2, Instructions: 163COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: f4845bcb268fc2781b429f43bf46a0691f6b833da9af978e253253a235040799
                                                                                                                                                • Instruction ID: b2cf4deca0400fd5fea032b1cbf3451fc825e2a6972d5773cf43d1f0e4f9a6e1
                                                                                                                                                • Opcode Fuzzy Hash: f4845bcb268fc2781b429f43bf46a0691f6b833da9af978e253253a235040799
                                                                                                                                                • Instruction Fuzzy Hash: E651F474A047019FC714EF14C884927B7A1FF85364F19867EE895AB392D634EC82CF9A
                                                                                                                                                Function 00414294 Relevance: .1, Instructions: 141COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 97271d1b3f9190eeeb81f7ee7b3d25e7ad10b551802a9f6f7667fd231b71bad1
                                                                                                                                                • Instruction ID: 1fa9bda1476f87c2b7c2d742166c8c66e8e3bde244159149de2697868e56f644
                                                                                                                                                • Opcode Fuzzy Hash: 97271d1b3f9190eeeb81f7ee7b3d25e7ad10b551802a9f6f7667fd231b71bad1
                                                                                                                                                • Instruction Fuzzy Hash: 734159B4519340AFD340AB54E895B2FFBF8AF86304F84982EF89493262D378D4448B5B
                                                                                                                                                Function 00411B50 Relevance: .1, Instructions: 123COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 3796caac5fdd386676789e274ac0dc37df04228f9ce286bec626a323ee5dadd6
                                                                                                                                                • Instruction ID: d2e36970f1c892e70df14f182262214d86bd21f705211d9b07ff0bfecf973f0c
                                                                                                                                                • Opcode Fuzzy Hash: 3796caac5fdd386676789e274ac0dc37df04228f9ce286bec626a323ee5dadd6
                                                                                                                                                • Instruction Fuzzy Hash: 514148767183A50BD31C8E398C9027ABAD19BC5210F1C873EF5A9C73E1E278C9469755
                                                                                                                                                Function 0043F3F0 Relevance: .1, Instructions: 108COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: eacd6d1bf5d751a5555680712c2f55212fa993ee3a8942bad22234f372755002
                                                                                                                                                • Instruction ID: 06d10a4b4de30274cb44548cded22ac272b0d694c1138d0b659082ff5fb3f4d6
                                                                                                                                                • Opcode Fuzzy Hash: eacd6d1bf5d751a5555680712c2f55212fa993ee3a8942bad22234f372755002
                                                                                                                                                • Instruction Fuzzy Hash: 2421DA32D0812447C724DB5D8481437F7E8EBAE709F46A63FD98497354E3399C1487E5
                                                                                                                                                Function 00404B50 Relevance: .1, Instructions: 95COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: a1df307a01abbd9b5bc72b41129330a4f31f536fd3ccda6bd26083d42a983f49
                                                                                                                                                • Instruction ID: a5158b58b2244923fb86fafe67f782213786cc440b683b09a74ffbffb31bf152
                                                                                                                                                • Opcode Fuzzy Hash: a1df307a01abbd9b5bc72b41129330a4f31f536fd3ccda6bd26083d42a983f49
                                                                                                                                                • Instruction Fuzzy Hash: 033186B16042009BD7149E19C880B27B7F5EBC4358F14497EE995A73C1D239ED52CB8A
                                                                                                                                                Function 0041FBB1 Relevance: .1, Instructions: 94COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 70600c00407f57af6e7643053d55f44008fab0a7a73b61f8498b268a0a0cf229
                                                                                                                                                • Instruction ID: 91403ada59c80af92606582a27bfd04c79c960a9323eabaa12cec6cf06ffbbe3
                                                                                                                                                • Opcode Fuzzy Hash: 70600c00407f57af6e7643053d55f44008fab0a7a73b61f8498b268a0a0cf229
                                                                                                                                                • Instruction Fuzzy Hash: 24210531408340CBD720CF94C451BABB7F0FF96754F04892EE8899B391E3788949DBAA
                                                                                                                                                Function 00407020 Relevance: .1, Instructions: 78COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 4aeaf61510b2e2fb7d1f4a18c956008caba3bd124f0fc2ccdfa8a74b8507fd34
                                                                                                                                                • Instruction ID: 6e7d0bf59782c8caebc80d2b72e0ad35498567dc67d674abe8dec8484ce65258
                                                                                                                                                • Opcode Fuzzy Hash: 4aeaf61510b2e2fb7d1f4a18c956008caba3bd124f0fc2ccdfa8a74b8507fd34
                                                                                                                                                • Instruction Fuzzy Hash: EC11D337B186214BE758CF62D8E053B6352EB8A21170A423EDA47A73C2CE35F801D296
                                                                                                                                                Function 0043B9F0 Relevance: .1, Instructions: 64COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                • Instruction ID: c5baf626a9f3c5b1a7c090f6d1c513c9a0ee97e091346a677967a88c05ec2ffc
                                                                                                                                                • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                • Instruction Fuzzy Hash: 91115933A085D40EC3129D3C8400765BFA34A97234F28939AF4B99B3D2C7268D8B9398
                                                                                                                                                Function 004300B0 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 78472cdc561be1de6c15c3ac03a752c4fe24ca9b76bcca51e62a2e1d5f513d67
                                                                                                                                                • Instruction ID: 53c5724289730483ebc0c5bc93c1b4bf7b37334cb8c9fa6a51b5d5afab51a243
                                                                                                                                                • Opcode Fuzzy Hash: 78472cdc561be1de6c15c3ac03a752c4fe24ca9b76bcca51e62a2e1d5f513d67
                                                                                                                                                • Instruction Fuzzy Hash: D401B5F160030147EB24AF15E5E172BB2B85F48B08F08563ED80967342DB7EEC05D2A9
                                                                                                                                                Function 0040F917 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: c1bcba0e93c530db99497d0dd31ec127801fcab15647f511495840a2536ecd7a
                                                                                                                                                • Instruction ID: 2a81a8060df05c4008c8e77e79816bfc4091818ee5787bfc9394ef3a1bc5ed3c
                                                                                                                                                • Opcode Fuzzy Hash: c1bcba0e93c530db99497d0dd31ec127801fcab15647f511495840a2536ecd7a
                                                                                                                                                • Instruction Fuzzy Hash: 2511C471B16151DBEB258B299C50B7AB7B2BB87200F1C41BAD486F37D1D2388D4ACF18
                                                                                                                                                Function 004432E0 Relevance: .0, Instructions: 47COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: c35ebd33b0a868ece5fa81ca9ba613642357e870ac6f59d1c087c9d52aadc636
                                                                                                                                                • Instruction ID: 7d8a3e583e3a390d0d73e3dbf99091ecfc1539457756a91f7df3a6d319445fe4
                                                                                                                                                • Opcode Fuzzy Hash: c35ebd33b0a868ece5fa81ca9ba613642357e870ac6f59d1c087c9d52aadc636
                                                                                                                                                • Instruction Fuzzy Hash: 15014F72A295214B8B4CDD3D9C2116BBBD19B89730F1A8B3DBDFAD72E0D234C8454685
                                                                                                                                                Function 0042DA0A Relevance: .0, Instructions: 45COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: a961ee417b28871150b9e187044014ce4bd566ab8900ee7e0e85f2a66936b54c
                                                                                                                                                • Instruction ID: 2b9d54a66263602e410f43730ca31820d9c094fe8c03107b6883f3cc5ab60285
                                                                                                                                                • Opcode Fuzzy Hash: a961ee417b28871150b9e187044014ce4bd566ab8900ee7e0e85f2a66936b54c
                                                                                                                                                • Instruction Fuzzy Hash: 5A013570A0C3108BD7049F16E940A2AF7F2FB8A709F545A6AE4C9A3311D334ED01CB4A
                                                                                                                                                Function 0044518B Relevance: .0, Instructions: 44COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: fc43853c1bb009c1c5ba99451afc509ed8dc5713007873379a3f344642e5803e
                                                                                                                                                • Instruction ID: bda9b97f036035324769e7dd4b14887e049c85eb035dd92431c513c92175563b
                                                                                                                                                • Opcode Fuzzy Hash: fc43853c1bb009c1c5ba99451afc509ed8dc5713007873379a3f344642e5803e
                                                                                                                                                • Instruction Fuzzy Hash: 9B01C0B09102418FEF00DFA8D98062F7BB1AB06305F584458D846BF347D334DA15CBBA
                                                                                                                                                Function 004221A0 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 1aee55f74cf63f0bcf27f2a94c64ef40f74351bc2f3e3d73a2157603e7e4e9e0
                                                                                                                                                • Instruction ID: 83bc2a0f4c6610ad6eb8d3716051e8fa586fbabdba77dfa71d291bffbc2af4af
                                                                                                                                                • Opcode Fuzzy Hash: 1aee55f74cf63f0bcf27f2a94c64ef40f74351bc2f3e3d73a2157603e7e4e9e0
                                                                                                                                                • Instruction Fuzzy Hash: 42014B72A195210B8748DE3C992212BBEE15B85330F168B2EBCFAD73E0D628CD144696
                                                                                                                                                Function 00437557 Relevance: .0, Instructions: 40COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: b1dc1e08b16fd630728bc2975af4581e433f40acbf6d4bba23a0daa4976a0907
                                                                                                                                                • Instruction ID: 29d1843231586ffc13bd66906b31da83c21bf2e90f2034cb1871587f6d3e83ef
                                                                                                                                                • Opcode Fuzzy Hash: b1dc1e08b16fd630728bc2975af4581e433f40acbf6d4bba23a0daa4976a0907
                                                                                                                                                • Instruction Fuzzy Hash: B9F014F09142006EE704BA3CCE4AB377AECEB45218F00464CFCA9D72C5E37068188BE6
                                                                                                                                                Function 0041B000 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 87b609d3f0c2804ff5dd618c8a20769add822df850d467d4e998f7a2218d14df
                                                                                                                                                • Instruction ID: 0639dadb1130b3f9d39aa2721587f05209e2ba5714bb3806ceb2dc41eb5cf330
                                                                                                                                                • Opcode Fuzzy Hash: 87b609d3f0c2804ff5dd618c8a20769add822df850d467d4e998f7a2218d14df
                                                                                                                                                • Instruction Fuzzy Hash: F3F0ECB170421057DB32CA55ECD0FB7BF9CCB8F354F191456E84557203E2695884C3E9
                                                                                                                                                Function 004416A0 Relevance: .0, Instructions: 21COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                                                                                                                • Instruction ID: f2014a84591d8b1651eb51c9cf32dc204f6f011b2e75e78e2ce1e1e92b8acb02
                                                                                                                                                • Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                                                                                                                • Instruction Fuzzy Hash: 37D05B21508261476B64CD199400977F7F0EA87711B49555FF581D3258D634DC41C1AD
                                                                                                                                                Function 0042A8A0 Relevance: .0, Instructions: 8COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 75bf4765cd6369d1d929975b4d005ae94e359678522ed3bc452efbf5d0c47e48
                                                                                                                                                • Instruction ID: d7331c652808e980a9ab1d83da08e8e6816827808003e54eab1ea1083092252d
                                                                                                                                                • Opcode Fuzzy Hash: 75bf4765cd6369d1d929975b4d005ae94e359678522ed3bc452efbf5d0c47e48
                                                                                                                                                • Instruction Fuzzy Hash: 90B002749482C0DBD504CF45D550575F375A74B615F14781CD146B7552D660E450C61D
                                                                                                                                                Function 0041FB73 Relevance: .0, Instructions: 8COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: f8ce62699d77cf6fc485452aab23bc0d2f06dc97fb250f0cdf8bb77fec48897e
                                                                                                                                                • Instruction ID: 10fcdf0d7778afe5cfa01efcbfe7145de207d28205f498bccebed74cc4f07649
                                                                                                                                                • Opcode Fuzzy Hash: f8ce62699d77cf6fc485452aab23bc0d2f06dc97fb250f0cdf8bb77fec48897e
                                                                                                                                                • Instruction Fuzzy Hash: 56A001A9D49201C6E9006F21AC8647AA13C561B60AF047575990B32153A539D119955E
                                                                                                                                                Function 00437E6C Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 95COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: InitVariant
                                                                                                                                                • String ID: h$o$p$u$w$x$|
                                                                                                                                                • API String ID: 1927566239-4240480344
                                                                                                                                                • Opcode ID: cde7acc4cee73d9f3ad6b51b58eba3b6d1e0ed05a24c7d8988c59abd281807a9
                                                                                                                                                • Instruction ID: 9d6958b47ad856ebde4cbe1dfb74169830e054e6d7501ee8f713b10cbfeadee3
                                                                                                                                                • Opcode Fuzzy Hash: cde7acc4cee73d9f3ad6b51b58eba3b6d1e0ed05a24c7d8988c59abd281807a9
                                                                                                                                                • Instruction Fuzzy Hash: F941F3705087818ED726CF2CC59871ABFE1AB56324F08869CD8EA4F397C779E415CB62
                                                                                                                                                Function 0043760A Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 81COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: InitVariant
                                                                                                                                                • String ID: h$o$p$u$w$x$|
                                                                                                                                                • API String ID: 1927566239-4240480344
                                                                                                                                                • Opcode ID: b92fb920b183803341b6a49ae8c15ec2c06aa1b04362e43098b3f3f3dc9228c7
                                                                                                                                                • Instruction ID: aae88484b20a0b16339dad471568bb0d05582c718af79cc38c7e699e218f90ee
                                                                                                                                                • Opcode Fuzzy Hash: b92fb920b183803341b6a49ae8c15ec2c06aa1b04362e43098b3f3f3dc9228c7
                                                                                                                                                • Instruction Fuzzy Hash: DC41D4604087C18ED721DF2CC49870ABFE16B56224F088A9DD8EA4F3EBC775E515CB62
                                                                                                                                                Function 00428CF6 Relevance: 12.6, APIs: 1, Strings: 6, Instructions: 316COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000005.00000002.1718857259.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: DrivesLogical
                                                                                                                                                • String ID: E)C$ ])[$9A,_$M5M3$ke${u
                                                                                                                                                • API String ID: 999431828-2464183539
                                                                                                                                                • Opcode ID: 8e946b173a2b0638e8986dccd9bdd53224a04dabdfdf3614ca645997601eb116
                                                                                                                                                • Instruction ID: 521e53e9a01874bd80e11f3ac1d6111864371d013e5fd0349dafb285c374cbb8
                                                                                                                                                • Opcode Fuzzy Hash: 8e946b173a2b0638e8986dccd9bdd53224a04dabdfdf3614ca645997601eb116
                                                                                                                                                • Instruction Fuzzy Hash: D6C1BAB490121ADFCB00CF55E8816AEBB70FF05309F60455DE415AB792D33AE962CFA9

                                                                                                                                                Execution Graph

                                                                                                                                                Execution Coverage:1.4%
                                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                Signature Coverage:0%
                                                                                                                                                Total number of Nodes:56
                                                                                                                                                Total number of Limit Nodes:4
                                                                                                                                                execution_graph 17056 25463b4 17057 25463d3 17056->17057 17058 25468c5 GetForegroundWindow 17057->17058 17059 25468d1 17058->17059 17081 250d440 17082 250d449 17081->17082 17083 250d451 GetInputState 17082->17083 17084 250d62e ExitProcess 17082->17084 17085 250d45e 17083->17085 17086 250d466 GetCurrentThreadId GetCurrentProcessId 17085->17086 17087 250d629 17085->17087 17091 250d491 17086->17091 17099 2545ce0 17087->17099 17095 250ebe0 17091->17095 17096 250ec5b 17095->17096 17097 250ed1c LoadLibraryExW 17096->17097 17098 250ed33 17097->17098 17102 2547280 17099->17102 17101 2545ce5 FreeLibrary 17101->17084 17103 2547289 17102->17103 17103->17101 17065 2546291 17069 2546200 17065->17069 17066 25462aa 17068 25462a8 17066->17068 17074 2546170 LdrInitializeThunk 17066->17074 17073 2546170 LdrInitializeThunk 17068->17073 17069->17065 17069->17066 17069->17068 17072 2546170 LdrInitializeThunk 17069->17072 17072->17069 17073->17068 17074->17068 17104 250f586 17105 250f672 17104->17105 17108 25101a0 17105->17108 17110 2510230 17108->17110 17109 250f6bb 17110->17109 17112 2545d00 17110->17112 17113 2545d7c 17112->17113 17114 2545d1b 17112->17114 17113->17110 17115 2545d87 17114->17115 17118 2545d29 17114->17118 17119 25434c0 17115->17119 17117 2545d66 RtlReAllocateHeap 17117->17113 17118->17117 17120 2543539 17119->17120 17122 25434d6 17119->17122 17120->17113 17121 2543526 RtlFreeHeap 17121->17120 17122->17121 17075 2543498 17076 254349e RtlAllocateHeap 17075->17076 17128 2546429 17130 2546458 17128->17130 17129 25464ae 17130->17129 17132 2546170 LdrInitializeThunk 17130->17132 17132->17129 17077 254505a 17078 25450c4 LoadLibraryExW 17077->17078 17079 254509e 17077->17079 17080 25450d6 17078->17080 17079->17078 17080->17080 17133 254690b 17134 2546954 17133->17134 17134->17134 17135 2546a9e 17134->17135 17137 2546170 LdrInitializeThunk 17134->17137 17137->17135

                                                                                                                                                Executed Functions

                                                                                                                                                Function 0250D440 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 163threadCOMMON
                                                                                                                                                Download Yara Rule

                                                                                                                                                Control-flow Graph

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000008.00000002.1742131986.0000000002501000.00000020.00000400.00020000.00000000.sdmp, Offset: 02500000, based on PE: true
                                                                                                                                                • Associated: 00000008.00000002.1742116750.0000000002500000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000008.00000002.1742163446.000000000254B000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000008.00000002.1742180287.000000000254E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000008.00000002.1742197656.000000000255E000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_8_2_2500000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CurrentProcess$ExitInputStateThread
                                                                                                                                                • String ID: 1032$=<?>
                                                                                                                                                • API String ID: 1029096631-142149872
                                                                                                                                                • Opcode ID: bef983309819b3fb598398a5f272e664eb1953bb39074245dc1cb7ef9a9b9dcb
                                                                                                                                                • Instruction ID: f3362df1bfa15dfe5c54ce1e99d0d679de9a70b41380d765fced78fea0031b1a
                                                                                                                                                • Opcode Fuzzy Hash: bef983309819b3fb598398a5f272e664eb1953bb39074245dc1cb7ef9a9b9dcb
                                                                                                                                                • Instruction Fuzzy Hash: 2C41E47440E2809BD301AF98D994A1EFBF6FF92649F188C1CE5C487292D73698548F6B
                                                                                                                                                Function 02545D00 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 50COMMON
                                                                                                                                                Download Yara Rule

                                                                                                                                                Control-flow Graph

                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000008.00000002.1742131986.0000000002501000.00000020.00000400.00020000.00000000.sdmp, Offset: 02500000, based on PE: true
                                                                                                                                                • Associated: 00000008.00000002.1742116750.0000000002500000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000008.00000002.1742163446.000000000254B000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000008.00000002.1742180287.000000000254E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000008.00000002.1742197656.000000000255E000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_8_2_2500000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: 123
                                                                                                                                                • API String ID: 0-1549188022
                                                                                                                                                • Opcode ID: bc52207d65abe2eaa5ddc6def42831b49f3d2f411fa958372fa38f21f7eabd73
                                                                                                                                                • Instruction ID: 8cd379faf0e9db0032aac2d37cd5c04eab71bc84c12b1cafea1bac59619ec764
                                                                                                                                                • Opcode Fuzzy Hash: bc52207d65abe2eaa5ddc6def42831b49f3d2f411fa958372fa38f21f7eabd73
                                                                                                                                                • Instruction Fuzzy Hash: B201C475918250ABC201AF28E804A1EFFF5EF96719F444C68E4C49B211DB35D914CBA6
                                                                                                                                                Function 0250EBE0 Relevance: 1.6, APIs: 1, Instructions: 101libraryCOMMON
                                                                                                                                                Download Yara Rule

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 208 250ebe0-250ec59 209 250ec95-250ece4 208->209 210 250ec5b 208->210 212 250ece6 209->212 213 250ed1c-250ed2e LoadLibraryExW call 2544c50 209->213 211 250ec60-250ec93 call 2511d30 210->211 211->209 215 250ecf0-250ed1a call 2511cc0 212->215 219 250ed33-250ed4a 213->219 215->213
                                                                                                                                                APIs
                                                                                                                                                • LoadLibraryExW.KERNEL32(D7BFC9B3,00000000,F10E070C), ref: 0250ED26
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000008.00000002.1742131986.0000000002501000.00000020.00000400.00020000.00000000.sdmp, Offset: 02500000, based on PE: true
                                                                                                                                                • Associated: 00000008.00000002.1742116750.0000000002500000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000008.00000002.1742163446.000000000254B000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000008.00000002.1742180287.000000000254E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000008.00000002.1742197656.000000000255E000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_8_2_2500000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: LibraryLoad
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1029625771-0
                                                                                                                                                • Opcode ID: c42d5a69683cb498718c8360fb5f64c79830a65b426317014095fee0d095e18e
                                                                                                                                                • Instruction ID: dc97f5f963056936a4b1bd91b330165f9de6baff9ba336caa20e12b5df290907
                                                                                                                                                • Opcode Fuzzy Hash: c42d5a69683cb498718c8360fb5f64c79830a65b426317014095fee0d095e18e
                                                                                                                                                • Instruction Fuzzy Hash: 7C31ADB0D01268DBEB10DFA9DC86BAEBBB5FB45304F104699E848A7380D3345E44CFA5
                                                                                                                                                Function 0254505A Relevance: 1.6, APIs: 1, Instructions: 70libraryCOMMON
                                                                                                                                                Download Yara Rule

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 221 254505a-254509c 222 25450c4-25450d0 LoadLibraryExW 221->222 223 254509e-254509f 221->223 224 25450d6-2545104 222->224 225 2545760-25457c2 222->225 226 25450a0-25450c2 call 2545fe0 223->226 224->225 230 25457c4 225->230 226->222 230->230
                                                                                                                                                APIs
                                                                                                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000800), ref: 025450CC
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000008.00000002.1742131986.0000000002501000.00000020.00000400.00020000.00000000.sdmp, Offset: 02500000, based on PE: true
                                                                                                                                                • Associated: 00000008.00000002.1742116750.0000000002500000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000008.00000002.1742163446.000000000254B000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000008.00000002.1742180287.000000000254E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000008.00000002.1742197656.000000000255E000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_8_2_2500000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: LibraryLoad
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1029625771-0
                                                                                                                                                • Opcode ID: b106b28cfd083a9db41a6368620577db4a01e9870842cc1a4c7d622135386648
                                                                                                                                                • Instruction ID: cb6e1c5d85ec9e14c94db6d6d762d75ccf8247789ac79282ea76f6173e385fdf
                                                                                                                                                • Opcode Fuzzy Hash: b106b28cfd083a9db41a6368620577db4a01e9870842cc1a4c7d622135386648
                                                                                                                                                • Instruction Fuzzy Hash: 9D21F274900396EFCB05CFA8D4906ADFBB0BF19241F980458D445B7382D730AA26CFA9
                                                                                                                                                Function 025463B4 Relevance: 1.6, APIs: 1, Instructions: 59COMMON
                                                                                                                                                Download Yara Rule

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 231 25463b4-25463d1 232 25463d3 231->232 233 254640a-25468cc GetForegroundWindow call 25493d0 231->233 234 25463e0-2546408 call 25473e0 232->234 238 25468d1-25468f3 233->238 234->233
                                                                                                                                                APIs
                                                                                                                                                • GetForegroundWindow.USER32 ref: 025468C5
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000008.00000002.1742131986.0000000002501000.00000020.00000400.00020000.00000000.sdmp, Offset: 02500000, based on PE: true
                                                                                                                                                • Associated: 00000008.00000002.1742116750.0000000002500000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000008.00000002.1742163446.000000000254B000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000008.00000002.1742180287.000000000254E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000008.00000002.1742197656.000000000255E000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_8_2_2500000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ForegroundWindow
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2020703349-0
                                                                                                                                                • Opcode ID: 51c71f01860e64c5bec917cfb65cc632bf17813abc9cea3e065087790b684937
                                                                                                                                                • Instruction ID: 303ecde5ef8d8c0cac86fb84ace34dc5dc91ebbe68b8d7139a63f3a88feffbbb
                                                                                                                                                • Opcode Fuzzy Hash: 51c71f01860e64c5bec917cfb65cc632bf17813abc9cea3e065087790b684937
                                                                                                                                                • Instruction Fuzzy Hash: AE11C475A011058BCB04CFA4D5A46AEBBF6FB4A31DF280418E002E7381CB359959CF69
                                                                                                                                                Function 025434C0 Relevance: 1.5, APIs: 1, Instructions: 45memoryCOMMON
                                                                                                                                                Download Yara Rule

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 240 25434c0-25434cf 241 25434d6-25434f3 240->241 242 2543539-254353d 240->242 243 25434f5 241->243 244 2543526-2543533 RtlFreeHeap 241->244 245 2543500-2543524 call 2546090 243->245 244->242 245->244
                                                                                                                                                APIs
                                                                                                                                                • RtlFreeHeap.NTDLL(?,00000000), ref: 02543533
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000008.00000002.1742131986.0000000002501000.00000020.00000400.00020000.00000000.sdmp, Offset: 02500000, based on PE: true
                                                                                                                                                • Associated: 00000008.00000002.1742116750.0000000002500000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000008.00000002.1742163446.000000000254B000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000008.00000002.1742180287.000000000254E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000008.00000002.1742197656.000000000255E000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_8_2_2500000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FreeHeap
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3298025750-0
                                                                                                                                                • Opcode ID: 1310d3fef4e7368ba51fb29fe168c112bb698bd0547275ea5debb2a9da15c51e
                                                                                                                                                • Instruction ID: 8c9b7bba02f39856c4a2683bae0a5beeb7f8aff4c0582bfdab060fc46935b787
                                                                                                                                                • Opcode Fuzzy Hash: 1310d3fef4e7368ba51fb29fe168c112bb698bd0547275ea5debb2a9da15c51e
                                                                                                                                                • Instruction Fuzzy Hash: ACF01474909250ABC301AF18E954B0EBFF5EF96604F158C6CE4C89B261D336EC64DBA6
                                                                                                                                                Function 02546170 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
                                                                                                                                                Download Yara Rule

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 248 2546170-25461a2 LdrInitializeThunk
                                                                                                                                                APIs
                                                                                                                                                • LdrInitializeThunk.NTDLL(02549900,005C003F,00000002,00000018,-0000002C), ref: 0254619E
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000008.00000002.1742131986.0000000002501000.00000020.00000400.00020000.00000000.sdmp, Offset: 02500000, based on PE: true
                                                                                                                                                • Associated: 00000008.00000002.1742116750.0000000002500000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000008.00000002.1742163446.000000000254B000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000008.00000002.1742180287.000000000254E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000008.00000002.1742197656.000000000255E000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_8_2_2500000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                • Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                                                                • Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
                                                                                                                                                • Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                                                                • Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82
                                                                                                                                                Function 02543498 Relevance: 1.5, APIs: 1, Instructions: 9memoryCOMMON
                                                                                                                                                Download Yara Rule

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 249 2543498-25434a2 RtlAllocateHeap
                                                                                                                                                APIs
                                                                                                                                                • RtlAllocateHeap.NTDLL(?,00000000,?,?,00000000), ref: 025434A2
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000008.00000002.1742131986.0000000002501000.00000020.00000400.00020000.00000000.sdmp, Offset: 02500000, based on PE: true
                                                                                                                                                • Associated: 00000008.00000002.1742116750.0000000002500000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000008.00000002.1742163446.000000000254B000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000008.00000002.1742180287.000000000254E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000008.00000002.1742197656.000000000255E000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_8_2_2500000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                • Opcode ID: 3bc0a04f6a3ab7fb11166ec2dc27b3f29c05827a48a8d7fff65aa292b133cc3a
                                                                                                                                                • Instruction ID: 3d4a593488812ab7b3e53f689e8054b4bd098f7b362eec274363ff7f2a628e51
                                                                                                                                                • Opcode Fuzzy Hash: 3bc0a04f6a3ab7fb11166ec2dc27b3f29c05827a48a8d7fff65aa292b133cc3a
                                                                                                                                                • Instruction Fuzzy Hash: 52B00230685225F9E17316115CD9F7F1D6CDF43ED5F100454B208150C046645455E57D

                                                                                                                                                Non-executed Functions

                                                                                                                                                Function 02538660 Relevance: 22.9, APIs: 6, Strings: 7, Instructions: 101clipboardCOMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000008.00000002.1742131986.0000000002501000.00000020.00000400.00020000.00000000.sdmp, Offset: 02500000, based on PE: true
                                                                                                                                                • Associated: 00000008.00000002.1742116750.0000000002500000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000008.00000002.1742163446.000000000254B000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000008.00000002.1742180287.000000000254E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000008.00000002.1742197656.000000000255E000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_8_2_2500000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
                                                                                                                                                • String ID: 6$6$8$9$9$=$?
                                                                                                                                                • API String ID: 2832541153-2499364611
                                                                                                                                                • Opcode ID: f5754529b0df5e8d467b579c94a59c830fba65cb250fdfcc6532404a9ac3321d
                                                                                                                                                • Instruction ID: 4cb317c39b07c888437dc421b2a41c21df512cf04e100f3cffb56b44b6bc4b29
                                                                                                                                                • Opcode Fuzzy Hash: f5754529b0df5e8d467b579c94a59c830fba65cb250fdfcc6532404a9ac3321d
                                                                                                                                                • Instruction Fuzzy Hash: EB413B7450C3818ED306AF78D18832EBFE1AB95318F044D5EE4D987282D77A8559CBA7
                                                                                                                                                Function 02537E6C Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 95COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000008.00000002.1742131986.0000000002501000.00000020.00000400.00020000.00000000.sdmp, Offset: 02500000, based on PE: true
                                                                                                                                                • Associated: 00000008.00000002.1742116750.0000000002500000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000008.00000002.1742163446.000000000254B000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000008.00000002.1742180287.000000000254E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000008.00000002.1742197656.000000000255E000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_8_2_2500000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: InitVariant
                                                                                                                                                • String ID: h$o$p$u$w$x$|
                                                                                                                                                • API String ID: 1927566239-4240480344
                                                                                                                                                • Opcode ID: 5911e694bd6b170fa1827c3c490696315aa2bb5d7a1f44b69bc1b887a44481ce
                                                                                                                                                • Instruction ID: 0919b0eda2e975c65b66cdeefeed207594948c940d4f9b73c745b489ca839025
                                                                                                                                                • Opcode Fuzzy Hash: 5911e694bd6b170fa1827c3c490696315aa2bb5d7a1f44b69bc1b887a44481ce
                                                                                                                                                • Instruction Fuzzy Hash: B041F4705087818ED726CF2CC598716BFE1AB56324F088A9CD8EA4F397C775E415CB62
                                                                                                                                                Function 0253760A Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 81COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000008.00000002.1742131986.0000000002501000.00000020.00000400.00020000.00000000.sdmp, Offset: 02500000, based on PE: true
                                                                                                                                                • Associated: 00000008.00000002.1742116750.0000000002500000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000008.00000002.1742163446.000000000254B000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000008.00000002.1742180287.000000000254E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000008.00000002.1742197656.000000000255E000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_8_2_2500000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: InitVariant
                                                                                                                                                • String ID: h$o$p$u$w$x$|
                                                                                                                                                • API String ID: 1927566239-4240480344
                                                                                                                                                • Opcode ID: 8bf23634a04e58b8d787ed1032af94a4fd2b9fc76f80ad2d48f28f44c260a643
                                                                                                                                                • Instruction ID: 0bf2c2d59ac3e55c6a233ba0d89c5d96832e37a4c0a73417e2131c6adc6074a2
                                                                                                                                                • Opcode Fuzzy Hash: 8bf23634a04e58b8d787ed1032af94a4fd2b9fc76f80ad2d48f28f44c260a643
                                                                                                                                                • Instruction Fuzzy Hash: 0F41C5604087C18ED722DF2CC494716BFE16B56224F088A9CD8EA4F3ABC675D515CB62
                                                                                                                                                Function 02528CF6 Relevance: 12.6, APIs: 1, Strings: 6, Instructions: 316COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000008.00000002.1742131986.0000000002501000.00000020.00000400.00020000.00000000.sdmp, Offset: 02500000, based on PE: true
                                                                                                                                                • Associated: 00000008.00000002.1742116750.0000000002500000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000008.00000002.1742163446.000000000254B000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000008.00000002.1742180287.000000000254E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000008.00000002.1742197656.000000000255E000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_8_2_2500000_aspnet_regiis.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: DrivesLogical
                                                                                                                                                • String ID: E)C$ ])[$9A,_$M5M3$ke${u
                                                                                                                                                • API String ID: 999431828-2464183539
                                                                                                                                                • Opcode ID: d159418982e831bdf235088683a308453f2fe8def0202c4ad237b737128df572
                                                                                                                                                • Instruction ID: 8cb581c533bceb9a544914177f46a5c63d264fa2df64baaeff281b686589d8ec
                                                                                                                                                • Opcode Fuzzy Hash: d159418982e831bdf235088683a308453f2fe8def0202c4ad237b737128df572
                                                                                                                                                • Instruction Fuzzy Hash: E1C1BFB490025ADFCB04CF95D8816AEBB71FF06309F604958E4156F782D336E926CFA9