Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe

Overview

General Information

Sample name:SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe
Analysis ID:1404509
MD5:bfc65ce21e22544286826e26a5ec45ef
SHA1:e27dc55c11a9b10ca3966f1f7fec14e064c7d717
SHA256:dbea63a5288ad81e108db81ab75b9b78f60469facb9fe7ef768c6a3f7710d5eb
Tags:exe
Infos:

Detection

Score:8
Range:0 - 100
Whitelisted:false
Confidence:0%

Compliance

Score:19
Range:0 - 100

Signatures

Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
DLL planting / hijacking vulnerabilities found
Detected potential crypto function
Drops PE files
EXE planting / hijacking vulnerabilities found
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after checking a module file name)
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample may be VM or Sandbox-aware, try analysis on a native machine
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
Sample monitors window changes (e.g. starting applications), analyze the sample with the 'Simulates keyboard and window changes' cookbook
Sample searches for specific file, try point organization specific fake files to the analysis machine

Process Tree

  • System is w10x64
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeDLL: LINKINFO.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: MSIMG32.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: USP10.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: ncrypt.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: WINMM.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: PROPSYS.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: SspiCli.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: Secur32.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: MSASN1.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: srpapi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: d2d1.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: VERSION.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: MLANG.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeDLL: ntshrui.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeDLL: cscapi.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeDLL: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\GameRender.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: WININET.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: RICHED20.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: msIso.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: CRYPTSP.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: MSHTML.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: CRYPTBASE.DLLJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: UMPDC.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: DPAPI.DLLJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeDLL: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\360Base.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: IPHLPAPI.DLLJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: d3d10warp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: WindowsCodecs.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: Wldp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: DWrite.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: msls31.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeEXE: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION MiniClient.exeJump to behavior

Compliance

barindex
DLL planting / hijacking vulnerabilities found
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeDLL: LINKINFO.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: MSIMG32.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: USP10.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: ncrypt.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: WINMM.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: PROPSYS.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: SspiCli.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: Secur32.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: MSASN1.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: srpapi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: d2d1.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: VERSION.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: MLANG.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeDLL: ntshrui.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeDLL: cscapi.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeDLL: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\GameRender.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: WININET.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: RICHED20.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: msIso.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: CRYPTSP.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: MSHTML.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: CRYPTBASE.DLLJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: UMPDC.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: DPAPI.DLLJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeDLL: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\360Base.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: IPHLPAPI.DLLJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: d3d10warp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: WindowsCodecs.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: Wldp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: DWrite.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeDLL: msls31.dllJump to behavior
EXE planting / hijacking vulnerabilities found
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeEXE: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeJump to behavior
Uses 32bit PE files
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Creates a software uninstall entry
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WanWD-xfq-3dmgameJump to behavior
PE / OLE file has a valid certificate
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeStatic PE information: certificate valid
Uses secure TLS version for HTTPS connections
Source: unknownHTTPS traffic detected: 183.131.158.108:443 -> 192.168.2.7:49708 version: TLS 1.2
Contains modern PE file flags such as dynamic base (ASLR) or NX
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Binary contains paths to debug symbols
Source: Binary string: Flash.pdbx: source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.dr
Source: Binary string: Flash.pdb source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.dr
Source: Binary string: d:\code\weiduan\trunk\WD_NEW\bin\build\Release\GameRender.pdb source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe
Source: Binary string: d:\code\weiduan\trunk\WD_NEW\bin\build\Release\MiniClient.pdb source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, MiniClient.exe.0.dr
Source: Binary string: C:\vmagent_new\bin\joblist\64060\out\Release\360Base.pdb source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, MiniClient.exe.0.dr
Source: Binary string: d:\code\weiduan\trunk\WD_NEW\bin\build\Release\GameRender.pdb 0 source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeFile opened: C:\Users\userJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeFile opened: C:\Users\user\AppDataJump to behavior
Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: global trafficHTTP traffic detected: GET /yy/jz/microend?mytime=1709789293&ver=3& HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/7.0)Host: yx.3dmgame.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /page/microend/jz/css/base.css HTTP/1.1Accept: */*Referer: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/7.0)Host: yx.3dmgame.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /page/microend/jz/js/jq1.9.js HTTP/1.1Accept: */*Referer: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/7.0)Host: yx.3dmgame.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /page/microend/jz/js/Slide.js HTTP/1.1Accept: */*Referer: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/7.0)Host: yx.3dmgame.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /page/microend/jz/js/index.js HTTP/1.1Accept: */*Referer: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/7.0)Host: yx.3dmgame.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /page/microend/asbz/js/lr.js HTTP/1.1Accept: */*Referer: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/7.0)Host: yx.3dmgame.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /page/microend/jz/images/bj1.png HTTP/1.1Accept: */*Referer: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/7.0)Host: yx.3dmgame.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /page/microend/jz/images/icoimg.png HTTP/1.1Accept: */*Referer: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/7.0)Host: yx.3dmgame.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /page/microend/jz/images/name_i.png HTTP/1.1Accept: */*Referer: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/7.0)Host: yx.3dmgame.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /page/microend/jz/images/third_btn.png HTTP/1.1Accept: */*Referer: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/7.0)Host: yx.3dmgame.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /page/microend/jz/images/lihover.png HTTP/1.1Accept: */*Referer: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/7.0)Host: yx.3dmgame.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /page/microend/jz/images/img.png HTTP/1.1Accept: */*Referer: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/7.0)Host: yx.3dmgame.comConnection: Keep-Alive
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /yy/jz/microend?mytime=1709789293&ver=3& HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/7.0)Host: yx.3dmgame.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /page/microend/jz/css/base.css HTTP/1.1Accept: */*Referer: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/7.0)Host: yx.3dmgame.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /page/microend/jz/js/jq1.9.js HTTP/1.1Accept: */*Referer: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/7.0)Host: yx.3dmgame.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /page/microend/jz/js/Slide.js HTTP/1.1Accept: */*Referer: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/7.0)Host: yx.3dmgame.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /page/microend/jz/js/index.js HTTP/1.1Accept: */*Referer: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/7.0)Host: yx.3dmgame.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /page/microend/asbz/js/lr.js HTTP/1.1Accept: */*Referer: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/7.0)Host: yx.3dmgame.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /page/microend/jz/images/bj1.png HTTP/1.1Accept: */*Referer: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/7.0)Host: yx.3dmgame.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /page/microend/jz/images/icoimg.png HTTP/1.1Accept: */*Referer: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/7.0)Host: yx.3dmgame.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /page/microend/jz/images/name_i.png HTTP/1.1Accept: */*Referer: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/7.0)Host: yx.3dmgame.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /page/microend/jz/images/third_btn.png HTTP/1.1Accept: */*Referer: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/7.0)Host: yx.3dmgame.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /page/microend/jz/images/lihover.png HTTP/1.1Accept: */*Referer: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/7.0)Host: yx.3dmgame.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /page/microend/jz/images/img.png HTTP/1.1Accept: */*Referer: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/7.0)Host: yx.3dmgame.comConnection: Keep-Alive
Source: unknownDNS traffic detected: queries for: yx.3dmgame.com
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.dr, MiniClient.exe.0.drString found in binary or memory: http://%shttp://a.SharedObject.BadPersistenceSharedObject.UriMismatchpendingReserved
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.drString found in binary or memory: http://ad./adserver/e?type=playererrorhttp://ad.auditude.com/adserver/e?type=playererror////_.dashmp
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.drString found in binary or memory: http://ad./adserver?tm=15&u=http://cdn.auditude.com/adserver//1.4/midpre/response.xml?u=&u=&l=&z=&of
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.drString found in binary or memory: http://ad.auditude.com/adserver/e?type=playererror
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.drString found in binary or memory: http://adunit.cdn.auditude.com/assets/3p/v
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.drString found in binary or memory: http://adunit.cdn.auditude.com/assets/3p/vService
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, MiniClient.exe.0.drString found in binary or memory: http://aia1.wosign.com/ca1-tsa.cer0
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, MiniClient.exe.0.drString found in binary or memory: http://aia1.wosign.com/ca1g2-code3.cer0
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, MiniClient.exe.0.drString found in binary or memory: http://aia1.wosign.com/ca6.code3.cer06
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCodeSigningCA-1.crt0
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.drString found in binary or memory: http://cdn.auditude.com/adserver
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.drString found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: http://crl3.digicert.com/assured-cs-g1.crl00
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0J
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.drString found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: http://crl4.digicert.com/assured-cs-g1.crl0L
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, MiniClient.exe.0.drString found in binary or memory: http://crls1.wosign.com/ca1.crl0g
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, MiniClient.exe.0.drString found in binary or memory: http://crls1.wosign.com/ca1.crl0k
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, MiniClient.exe.0.drString found in binary or memory: http://crls1.wosign.com/ca6-code3.crl0O
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.drString found in binary or memory: http://dashif.org/guidelines/trickmode
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.drString found in binary or memory: http://dashif.org/guidelines/trickmode1
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: http://dl.360tpcdn.com/360game/Unity3d.zip1.0.0.2
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.dr, MiniClient.exe.0.drString found in binary or memory: http://fpdownload2.macromedia.com/get/
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.dr, MiniClient.exe.0.drString found in binary or memory: http://fpdownload2.macromedia.com/get/flashplayer/update/current/xml/express/version_win_
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.dr, MiniClient.exe.0.drString found in binary or memory: http://fpdownload2.macromedia.com/get/flashplayer/update/current/xml/express/version_win_(V
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.dr, MiniClient.exe.0.drString found in binary or memory: http://fpdownload2.macromedia.com/get/flashplayer/update/current/xml/version_
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.dr, MiniClient.exe.0.drString found in binary or memory: http://fpdownload2.macromedia.com/get/flashplayer/update/current/xml/version_P
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.dr, MiniClient.exe.0.drString found in binary or memory: http://fpdownload2.macromedia.com/get/https://fpdownload.macromedia.com/get/https://www.macromedia.c
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, MiniClient.exe.0.drString found in binary or memory: http://microend.wan.360.cn/api/feedback/index?ver=%s&pkey=%s&gkey=%s&mid=%s&channelid=%s&options=%d&
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, MiniClient.exe.0.drString found in binary or memory: http://o.tv.yx-v.com/Hit/Proc?uid=%s&loc=wd
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: http://ocsp.digicert.com0
Source: MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: http://ocsp.digicert.com0C
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.drString found in binary or memory: http://ocsp.digicert.com0H
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.drString found in binary or memory: http://ocsp.digicert.com0I
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: http://ocsp.digicert.com0L
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: http://ocsp.digicert.com0O
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, MiniClient.exe.0.drString found in binary or memory: http://ocsp1.wosign.com/ca10.
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, MiniClient.exe.0.drString found in binary or memory: http://ocsp1.wosign.com/ca102
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, MiniClient.exe.0.drString found in binary or memory: http://ocsp1.wosign.com/ca6/code300
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: http://ocsp2.globalsign.com/rootr606
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, MiniClient.exe.0.drString found in binary or memory: http://passport.360.cn/api.php?parad=pcc_gamehall&from=%s5errnoerrmsgdatausernamerd%%%2X%20method=Co
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: http://r.yx-s.net/b/weiduan/s/
Source: MiniClient.exe, 00000002.00000002.2492678350.00000000023BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r.yx-s.net/b/weiduan/s/pN&
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, 00000000.00000002.1253682788.000000000241E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r.yx-s.net/b/weiduan/s/quit?channelid=&gkey=xfq&mid=&pkey=&ver=&&runtime=2U
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.drString found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.drString found in binary or memory: http://s.symcd.com06
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.dr, MiniClient.exe.0.drString found in binary or memory: http://s3.amazonaws.com/venkat-test/ads/camry/file-640k.m3u8
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.dr, MiniClient.exe.0.drString found in binary or memory: http://s3.amazonaws.com/venkat-test/ads/camry/file-640k.m3u82L
Source: Flash32_29_0_0_171.ocx.0.drString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.drString found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.drString found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.drString found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: MiniClient.exe, 00000002.00000003.1409639497.000000000658D000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2497881411.000000000658D000.00000004.00000020.00020000.00000000.sdmp, Slide[1].js.2.drString found in binary or memory: http://www.SuperSlide2.com/
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: http://www.digicert.com/CPS0
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.drString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.dr, MiniClient.exe.0.drString found in binary or memory: http://www.macromedia.com
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.dr, MiniClient.exe.0.drString found in binary or memory: http://www.macromedia.com/go/player_settings_
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.dr, MiniClient.exe.0.drString found in binary or memory: http://www.macromedia.com/go/player_settings_.Unmuted.MutedCamera.UnmutedCamera.MutedMicrophone.Unmu
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.dr, MiniClient.exe.0.drString found in binary or memory: http://www.macromedia.comhttps://www.macromedia.com/support/flashplayer/sys/&amp
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, 00000000.00000002.1250243043.0000000001B4C000.00000002.00000001.01000000.00000003.sdmp, MiniClient.exe, 00000002.00000002.2487378127.0000000001B9C000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.maxthon.cn/test/
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: http://www.maxthon.cn/test/http://www.it.com.cn/f/edu/091/14/freeze/freeze_by_as.htmhttp://www.it.co
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.dr, MiniClient.exe.0.drString found in binary or memory: http://www.openssl.org/support/faq.html
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.dr, MiniClient.exe.0.drString found in binary or memory: http://www.openssl.org/support/faq.html....................
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, MiniClient.exe.0.drString found in binary or memory: http://www.winimage.com/zLibDll
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, MiniClient.exe.0.drString found in binary or memory: http://www.winimage.com/zLibDll(
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, MiniClient.exe.0.drString found in binary or memory: http://www.wosign.com/policy/0
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: http://www.youxi.com0
Source: Flash32_29_0_0_171.ocx.0.drString found in binary or memory: http://youtube.com/drm/2012/10/10
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, MiniClient.exe.0.drString found in binary or memory: http://youxi.comhttp://360.cn1000061000111000151000123608n
Source: MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409936472.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409936472.000000000244E000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2497396701.0000000006525000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409789769.0000000006525000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://yx.3dmgame.com
Source: MiniClient.exe, 00000002.00000002.2499175647.0000000006E5A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://yx.3dmgame.comb.cssHooks.marginRight.get
Source: MiniClient.exe.0.drString found in binary or memory: https://auth.adobefpl.com/1/
Source: MiniClient.exe, 00000002.00000002.2500593415.00000000070E4000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbs.3dmgame.com/forum.php
Source: MiniClient.exe, 00000002.00000002.2497396701.0000000006500000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbs.3dmgame.com/forum.php6
Source: MiniClient.exe, 00000002.00000003.1409512787.00000000070E2000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2500593415.00000000070E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbs.3dmgame.com/forum.php8
Source: MiniClient.exe, 00000002.00000002.2500593415.00000000070E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbs.3dmgame.com/forum.phpr
Source: MiniClient.exe, 00000002.00000002.2500593415.00000000070E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbs.3dmgame.com/forum.phpr(
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.drString found in binary or memory: https://d.symcb.com/cps0%
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.drString found in binary or memory: https://d.symcb.com/rpa0
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.drString found in binary or memory: https://d.symcb.com/rpa0.
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.dr, MiniClient.exe.0.drString found in binary or memory: https://fpdownload.macromedia.com/get/
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.dr, MiniClient.exe.0.drString found in binary or memory: https://fpdownload.macromedia.com/get/flashplayer/update/current/activate/ood.xml
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.dr, MiniClient.exe.0.drString found in binary or memory: https://fpdownload.macromedia.com/get/flashplayer/update/current/activate/ood.xmlhttps://geo2.adobe.
Source: MiniClient.exe, 00000002.00000002.2492678350.000000000243B000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409936472.000000000244E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
Source: MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2492678350.00000000023FC000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2497396701.0000000006525000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
Source: MiniClient.exe, 00000002.00000002.2500616411.000000000727A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf
Source: MiniClient.exe, 00000002.00000002.2492678350.0000000002417000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2
Source: MiniClient.exe, 00000002.00000002.2500616411.00000000070E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2LMEM
Source: MiniClient.exe, 00000002.00000002.2492678350.000000000243B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2O&
Source: MiniClient.exe, 00000002.00000002.2500616411.000000000711C000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2492678350.00000000023FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: MiniClient.exe, 00000002.00000002.2500616411.000000000711C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033;
Source: MiniClient.exe, 00000002.00000002.2500616411.000000000711C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033O_
Source: MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2492678350.00000000023FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
Source: MiniClient.exe, 00000002.00000002.2497881411.000000000658D000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1821037168.0000000006E88000.00000004.00000800.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409936472.000000000244E000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2497396701.0000000006525000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409789769.0000000006525000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2499266085.0000000006E70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://my.3dmgame.com
Source: MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2497396701.0000000006525000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409789769.0000000006525000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://my.3dmgame.com/agreement
Source: MiniClient.exe, 00000002.00000002.2492678350.0000000002417000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://my.3dmgame.com/agreemente=q
Source: MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2499266085.0000000006E70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://my.3dmgame.com/findpasswd
Source: MiniClient.exe, 00000002.00000002.2497881411.0000000006564000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1408700391.000000000655A000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409639497.0000000006563000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2497396701.0000000006525000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409789769.0000000006525000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://my.3dmgame.com/login/qq?referer=https://yx.3dmgame.com/yy/cjzg/microend
Source: MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409936472.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2497396701.0000000006525000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409789769.0000000006525000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://my.3dmgame.com/login/sina?referer=https://yx.3dmgame.com/yy/cjzg/microend
Source: MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409936472.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409936472.000000000244E000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2497396701.0000000006525000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409789769.0000000006525000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://my.3dmgame.com/login/wechat?referer=https://yx.3dmgame.com/yy/cjzg/microend
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.drString found in binary or memory: https://www.digicert.com/CPS0
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: https://www.globalsign.com/repository/0
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.dr, MiniClient.exe.0.drString found in binary or memory: https://www.macromedia.com/bin/flashdownload.cgi
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.dr, MiniClient.exe.0.drString found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/
Source: MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.cU
Source: MiniClient.exe, 00000002.00000002.2492678350.000000000243B000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1408881498.000000000711C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/
Source: MiniClient.exe, 00000002.00000002.2500616411.00000000070E9000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1408881498.000000000711C000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2500616411.000000000711C000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2492678350.00000000023FC000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2497396701.0000000006525000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409789769.0000000006525000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/news/15695.html
Source: MiniClient.exe, 00000002.00000003.1408881498.000000000711C000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2500616411.000000000711C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/news/15695.html//
Source: MiniClient.exe, 00000002.00000002.2500616411.000000000711C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/news/15695.htmlJ
Source: MiniClient.exe, 00000002.00000002.2500616411.000000000711C000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/news/15714.html
Source: MiniClient.exe, 00000002.00000002.2497396701.0000000006525000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409789769.0000000006525000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/news/15714.htmlIO
Source: MiniClient.exe, 00000002.00000002.2500616411.000000000711C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/news/15714.htmlT
Source: MiniClient.exe, 00000002.00000002.2500616411.000000000711C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/news/15714.html_
Source: MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1408881498.000000000711C000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2500616411.000000000711C000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2492678350.00000000023FC000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2497396701.0000000006525000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409789769.0000000006525000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/news/15748.html
Source: MiniClient.exe, 00000002.00000002.2500616411.000000000711C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/news/15748.htmlI
Source: MiniClient.exe, 00000002.00000003.1408881498.000000000711C000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2500616411.000000000711C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/news/15748.htmlf/
Source: MiniClient.exe, 00000002.00000002.2500616411.00000000070E9000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1408881498.000000000711C000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2500616411.000000000711C000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2492678350.00000000023FC000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2497396701.0000000006525000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409789769.0000000006525000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/news/16177.html
Source: MiniClient.exe, 00000002.00000003.1408881498.000000000711C000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2500616411.000000000711C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/news/16177.html9/
Source: MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/asbz/js/lr.js
Source: MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/asbz/js/lr.js(K
Source: MiniClient.exe, 00000002.00000002.2492678350.000000000243B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/asbz/js/lr.js9293&ver=3&;
Source: MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/asbz/js/lr.js9ZM
Source: MiniClient.exe, 00000002.00000003.1408881498.000000000711C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/asbz/js/lr.jsA_
Source: MiniClient.exe, 00000002.00000002.2497881411.0000000006584000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1408700391.0000000006584000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/asbz/js/lr.jsG
Source: MiniClient.exe, 00000002.00000002.2492678350.000000000243B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/asbz/js/lr.jsL
Source: MiniClient.exe, 00000002.00000003.1408881498.000000000711C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/asbz/js/lr.jsO_
Source: MiniClient.exe, 00000002.00000002.2492678350.000000000243B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/asbz/js/lr.jsT
Source: MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/asbz/js/lr.jse
Source: MiniClient.exe, 00000002.00000002.2492678350.000000000243B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/asbz/js/lr.jsf
Source: MiniClient.exe, 00000002.00000002.2497881411.0000000006584000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1408700391.0000000006584000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/asbz/js/lr.jsg
Source: MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/asbz/js/lr.jsngK
Source: MiniClient.exe, 00000002.00000002.2492678350.00000000023FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/asbz/js/lr.jsw
Source: MiniClient.exe, 00000002.00000002.2492678350.000000000243B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/asbz/js/lr.jsx
Source: MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/css/base.css
Source: MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/css/base.css(Z
Source: MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/css/base.cssC
Source: MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/css/base.cssUX
Source: MiniClient.exe, 00000002.00000002.2497881411.0000000006584000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1408700391.0000000006584000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409789769.0000000006512000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2497396701.000000000650F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/images/bj1.png
Source: MiniClient.exe, 00000002.00000003.1408881498.00000000070EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/images/bj1.png...
Source: MiniClient.exe, 00000002.00000002.2497881411.0000000006584000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1408700391.0000000006584000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/images/bj1.png=
Source: MiniClient.exe, 00000002.00000003.1409789769.0000000006512000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2497396701.000000000650F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/images/bj1.pnga
Source: MiniClient.exe, 00000002.00000003.1409789769.0000000006512000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2497396701.000000000650F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/images/bj1.pnge
Source: MiniClient.exe, 00000002.00000002.2497881411.0000000006584000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1408700391.0000000006584000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/images/bj1.pngh
Source: MiniClient.exe, 00000002.00000002.2500414505.00000000070D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/images/bj1.pngitka
Source: MiniClient.exe, 00000002.00000002.2500414505.00000000070D3000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409789769.0000000006512000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/images/icoimg.png
Source: MiniClient.exe, 00000002.00000003.1409789769.0000000006512000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/images/icoimg.png:y
Source: MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/images/icoimg.pngO
Source: MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/images/icoimg.png_
Source: MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/images/img.png
Source: MiniClient.exe, 00000002.00000002.2492678350.000000000243B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/images/img.png&ver=3&
Source: MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/images/img.png)
Source: MiniClient.exe, 00000002.00000003.1409406123.000000000CC1D000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2492678350.00000000023BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/images/img.png...
Source: MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/images/img.pngDX
Source: MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/images/img.pnggzip
Source: MiniClient.exe, 00000002.00000002.2497881411.0000000006584000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1408700391.0000000006584000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/images/img.pngz
Source: MiniClient.exe, 00000002.00000003.1408881498.00000000070EA000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/images/lihover.png
Source: MiniClient.exe, 00000002.00000002.2500414505.00000000070D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/images/lihover.png&
Source: MiniClient.exe, 00000002.00000003.1409789769.0000000006525000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/images/lihover.png....
Source: MiniClient.exe, 00000002.00000003.1409936472.0000000002467000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/images/lihover.png....izing:content-box;
Source: MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/images/lihover.pngO_
Source: MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/images/lihover.pngo
Source: MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/images/name_i.png
Source: MiniClient.exe, 00000002.00000003.1409789769.0000000006525000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/images/name_i.png...
Source: MiniClient.exe, 00000002.00000003.1409789769.0000000006525000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/images/name_i.png...JJ
Source: MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/images/name_i.png_
Source: MiniClient.exe, 00000002.00000002.2500414505.00000000070D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/images/name_i.pngdeflate
Source: MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/images/name_i.pngo
Source: MiniClient.exe, 00000002.00000002.2500414505.00000000070D3000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2492678350.000000000243B000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2497396701.0000000006500000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/images/third_btn.png
Source: MiniClient.exe, 00000002.00000002.2500414505.00000000070D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/images/third_btn.png%
Source: MiniClient.exe, 00000002.00000003.1409789769.0000000006525000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/images/third_btn.png...6Eu
Source: MiniClient.exe, 00000002.00000003.1409789769.0000000006525000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/images/third_btn.png...:Jy
Source: MiniClient.exe, 00000002.00000002.2500414505.00000000070D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/images/third_btn.png4
Source: MiniClient.exe, 00000002.00000002.2500414505.00000000070D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/images/third_btn.pngflate
Source: MiniClient.exe, 00000002.00000002.2500414505.00000000070D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/images/third_btn.pngl
Source: MiniClient.exe, 00000002.00000002.2492678350.000000000243B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/images/third_btn.pngni
Source: MiniClient.exe, 00000002.00000002.2492678350.00000000023FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/js
Source: MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/js/Slide.js
Source: MiniClient.exe, 00000002.00000002.2492678350.000000000243B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/js/Slide.js293&ver=3&
Source: MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/js/Slide.js293&ver=3&end?mytime=1709789293&ver=3&7.0
Source: MiniClient.exe, 00000002.00000002.2492678350.000000000243B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/js/Slide.js8
Source: MiniClient.exe, 00000002.00000002.2492678350.000000000243B000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409936472.000000000244E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/js/Slide.jsC:
Source: MiniClient.exe, 00000002.00000002.2497881411.0000000006584000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1408700391.0000000006584000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/js/Slide.jsF
Source: MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/js/index.js
Source: MiniClient.exe, 00000002.00000002.2500414505.00000000070D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/js/index.jsFrC:
Source: MiniClient.exe, 00000002.00000002.2492678350.000000000243B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/js/index.jsI
Source: MiniClient.exe, 00000002.00000002.2497881411.0000000006584000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1408700391.0000000006584000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/js/index.jsW
Source: MiniClient.exe, 00000002.00000002.2497881411.0000000006584000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1408700391.0000000006584000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/js/index.jsi
Source: MiniClient.exe, 00000002.00000002.2492678350.000000000243B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/js/index.jsng&ver=3&
Source: MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/js/jq1.9.js
Source: MiniClient.exe, 00000002.00000002.2492678350.00000000023BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/js/jq1.9.js293&ver=3&%
Source: MiniClient.exe, 00000002.00000002.2492678350.000000000243B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/js/jq1.9.js293&ver=3&.dll
Source: MiniClient.exe, 00000002.00000002.2492678350.000000000243B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/js/jq1.9.js293&ver=3&ngs
Source: MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/js/jq1.9.jsN
Source: MiniClient.exe, 00000002.00000002.2497396701.0000000006525000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409789769.0000000006525000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/page/microend/jz/js/jq1.9.jsVr
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: https://yx.3dmgame.com/vip/customer
Source: MiniClient.exe, 00000002.00000002.2492678350.00000000023BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/vip/customerH6=
Source: MiniClient.exe, 00000002.00000003.1409512787.00000000070E2000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2500593415.00000000070E4000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2492678350.00000000023FC000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/vip/zhifu
Source: MiniClient.exe, 00000002.00000002.2500593415.00000000070E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/vip/zhifu4
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: https://yx.3dmgame.com/vip/zhifu?sign=jz
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, 00000000.00000002.1253682788.000000000241E000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2492678350.00000000023BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/vip/zhifu?sign=jztmp
Source: MiniClient.exe, 00000002.00000002.2497396701.0000000006500000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/vip/zhifuX
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend
Source: MiniClient.exe, 00000002.00000003.1409639497.0000000006563000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend?m
Source: MiniClient.exe, 00000002.00000002.2497396701.000000000650F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&
Source: MiniClient.exe, 00000002.00000003.1409789769.0000000006512000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2497396701.000000000650F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&##
Source: MiniClient.exe, 00000002.00000002.2497396701.000000000650F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&###
Source: MiniClient.exe, 00000002.00000003.1409789769.0000000006512000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2497396701.000000000650F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&##C
Source: MiniClient.exe, 00000002.00000002.2497396701.000000000650F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&##I$
Source: MiniClient.exe, 00000002.00000002.2497396701.000000000650F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&##M
Source: MiniClient.exe, 00000002.00000002.2497881411.0000000006564000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&##P
Source: MiniClient.exe, 00000002.00000003.1409789769.0000000006512000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2497396701.000000000650F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&##Q
Source: MiniClient.exe, 00000002.00000002.2497396701.000000000650F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&##s=
Source: MiniClient.exe, 00000002.00000003.1409789769.0000000006512000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2497396701.000000000650F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&#7
Source: MiniClient.exe, 00000002.00000002.2492678350.00000000023FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&(
Source: MiniClient.exe, 00000002.00000003.1408700391.000000000655A000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409639497.0000000006563000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&...
Source: MiniClient.exe, 00000002.00000003.1408700391.000000000655A000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409639497.0000000006563000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&...T
Source: MiniClient.exe, 00000002.00000002.2500414505.00000000070C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&000
Source: MiniClient.exe, 00000002.00000002.2497881411.0000000006564000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&1033&
Source: MiniClient.exe, 00000002.00000002.2495992605.0000000005C13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&3
Source: MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&728C5&redirect_uri=https://login.live.
Source: MiniClient.exe, 00000002.00000002.2500414505.00000000070C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&9293&ver=3&...=#B2000000
Source: MiniClient.exe, 00000002.00000002.2492678350.000000000243B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&9i
Source: MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&:
Source: MiniClient.exe, 00000002.00000003.1409789769.0000000006512000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2497396701.000000000650F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&C:
Source: MiniClient.exe, 00000002.00000002.2492678350.000000000243B000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409936472.000000000244E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&E
Source: MiniClient.exe, 00000002.00000002.2497881411.0000000006564000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&QR
Source: MiniClient.exe, 00000002.00000002.2497881411.0000000006564000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&T
Source: MiniClient.exe, 00000002.00000002.2492678350.0000000002420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&T&
Source: MiniClient.exe, 00000002.00000002.2497881411.0000000006564000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1408700391.000000000655A000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409639497.0000000006563000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&X
Source: MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&Z
Source: MiniClient.exe, 00000002.00000002.2492678350.0000000002420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&dpT&
Source: MiniClient.exe, 00000002.00000002.2500414505.00000000070D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&e
Source: MiniClient.exe, 00000002.00000002.2500414505.00000000070C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&fff
Source: MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&hC6
Source: MiniClient.exe, 00000002.00000002.2495992605.0000000005C13000.00000004.00000800.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2498976509.0000000006E10000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&https://yx.3dmgame.com/page/microend/j
Source: MiniClient.exe, 00000002.00000003.1342369635.0000000006E93000.00000004.00000800.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2499297971.0000000006E90000.00000004.00000800.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1341958107.0000000006E91000.00000004.00000800.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1322913846.0000000006E93000.00000004.00000800.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1322869380.0000000006E91000.00000004.00000800.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1342212395.0000000006E92000.00000004.00000800.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1819710276.0000000006E93000.00000004.00000800.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1322846344.0000000006E90000.00000004.00000800.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1322892680.0000000006E92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&https://yx.3dmgame.com/yy/jz/microend?
Source: MiniClient.exe, 00000002.00000002.2500414505.00000000070D3000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&i
Source: MiniClient.exe, 00000002.00000002.2500616411.00000000070E9000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1408881498.00000000070EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&m/page/microend/jz/images/img.png...5
Source: MiniClient.exe, 00000002.00000002.2492678350.000000000243B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&ngs
Source: MiniClient.exe, 00000002.00000002.2495542201.00000000056BF000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&x?9t
Source: MiniClient.exe, 00000002.00000002.2492678350.00000000023BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/yy/jz/microendmytime=1709789293&ver=3&
Source: MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2492678350.00000000023BE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: https://yx.3dmgame.com/zt/jz/
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, 00000000.00000002.1253682788.000000000241E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.3dmgame.com/zt/jz/mp
Source: MiniClient.exe, 00000002.00000002.2497396701.0000000006525000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409789769.0000000006525000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yx.7&
Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: unknownHTTPS traffic detected: 183.131.158.108:443 -> 192.168.2.7:49708 version: TLS 1.2
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, 00000000.00000000.1229526113.00000000011FD000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: DirectInput8Creatememstr_2318e5b0-3
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeCode function: 2_2_00721D462_2_00721D46
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeStatic PE information: Resource name: DATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeStatic PE information: Resource name: DATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeStatic PE information: Resource name: DATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: MiniClient.exe.0.drStatic PE information: Resource name: DATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: MiniClient.exe.0.drStatic PE information: Resource name: DATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: MiniClient.exe.0.drStatic PE information: Resource name: DATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, 00000000.00000000.1229526113.0000000001BCB000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameGameRender.dll, vs SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, 00000000.00000002.1250243043.0000000001A48000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameFlash.ocx@ vs SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, 00000000.00000001.1231317216.00000000007C6000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: NcknxCommentsCompanyNameFileDescriptionFileVersionInternalNameLegalCopyrightLegalTrademarksOriginalFilenamePrivateBuildProductNameProductVersionSpecialBuild\VarFileInfo\Translation\StringFileInfo\%04x%04x\\StringFileInfo%04hx%04hx vs SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, 00000000.00000001.1231317216.00000000007C6000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilename360Base.dll0 vs SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, 00000000.00000002.1253372815.00000000020F9000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMiniClientLauncher.exe, vs SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeBinary or memory string: NcknxCommentsCompanyNameFileDescriptionFileVersionInternalNameLegalCopyrightLegalTrademarksOriginalFilenamePrivateBuildProductNameProductVersionSpecialBuild\VarFileInfo\Translation\StringFileInfo\%04x%04x\\StringFileInfo%04hx%04hx vs SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeBinary or memory string: OriginalFilename360Base.dll0 vs SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeBinary or memory string: OriginalFilenameFlash.ocx@ vs SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeBinary or memory string: OriginalFilenameGameRender.dll, vs SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeBinary or memory string: OriginalFilenameMiniClientLauncher.exe, vs SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeSection loaded: msimg32.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeSection loaded: riched20.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeSection loaded: usp10.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeSection loaded: msls31.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeSection loaded: linkinfo.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeSection loaded: ntshrui.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: msimg32.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: riched20.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: usp10.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: msls31.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: ieframe.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: dataexchange.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: d3d11.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: dcomp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: msiso.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: mshtml.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: srpapi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: mlang.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: jscript9.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: msimtf.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: resourcepolicyclient.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: vaultcli.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: d2d1.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: dxcore.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: dxtrans.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: atl.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: ddrawex.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: ddraw.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: dciman32.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: dxtmsft.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: sxs.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeSection loaded: profext.dllJump to behavior
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engineClassification label: clean8.winEXE@3/24@1/1
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeFile created: C:\Users\user\AppData\Roaming\dzzJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeMutant created: \Sessions\1\BaseNamedObjects\1830B7BD-F7A3-4c4d-989B-C004DE465EDE 6896
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeMutant created: \Sessions\1\BaseNamedObjects\1830B7BD-F7A3-4c4d-989B-C004DE465EDE 1340
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeFile created: C:\Users\user~1\AppData\Local\Temp\GH_1EBE.tmpJump to behavior
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeFile read: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\cfg.iniJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: set-addPolicy
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: id-cmc-addExtensions
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: unaru. <a href='http://adobe.com/go/addlocalstorage_rs' target='_blank'><u><font color='#0000FF'>Saznajte vi
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: imaldab kiiremini laadida ja teavet arvutisse salvestada. <a href='http://adobe.com/go/addlocalstorage_ee' target='_blank'><u><font color='#0000FF'>Lisateave</font></u></a>
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: imaldab kiiremini laadida ja teavet arvutisse salvestada. <a href='http://adobe.com/go/addlocalstorage_ee' target='_blank'><u><font color='#0000FF'>Lisateave</font></u></a>Rakenduse otsetee loomineSalvesta heliKopeeri pilt nimega ...Kopeeri pildi asukohtKopeeri piltSalvesta link nimega ...Lisa link j
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: <br/><a href='http://adobe.com/go/addlocalstorage' target='_blank'><u><font color='#0000FF'>
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: iame kompiuteryje. <a href='http://adobe.com/go/addlocalstorage_lt' target='_blank'><u><font color='#0000FF'>Su
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: . <a href='http://adobe.com/go/addlocalstorage_lv' target='_blank'><u><font color='#0000FF'>Uzziniet vair
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: . <a href='http://adobe.com/go/addlocalstorage_ua' target='_blank'><u><font color='#0000FF'>
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: unalu. <a href='http://adobe.com/go/addlocalstorage_hr' target='_blank'><u><font color='#0000FF'>Saznajte vi
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: iile pe acest computer. <a href='http://adobe.com/go/addlocalstorage_ro' target='_blank'><u><font color='#0000FF'>Mai multe informa
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: unalniku. <a href='http://adobe.com/go/addlocalstorage_si' target='_blank'><u><font color='#0000FF'>Ve
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: . <a href='http://adobe.com/go/addlocalstorage_bg' target='_blank'><u><font color='#0000FF'>
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: i. <a href='http://adobe.com/go/addlocalstorage_sk' target='_blank'><u><font color='#0000FF'>
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: . <a href='http://adobe.com/go/addlocalstorage' target='_blank'><u><font color='#0000FF'>
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: Allow this game to use local storage? This will allow it to load faster and save information on this computer. <a href='http://adobe.com/go/addlocalstorage' target='_blank'><u><font colour='#0000FF'>Learn More</font></u></a>
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: This Flash Player is not compatible with your region. Please reinstall Adobe Flash Player.A required system component is not running properly. Please reinstall Adobe Flash Player.<textformat leftmargin='2' rightmargin='2'><p>Allow this content to access your computer?</p><br></textformat><textformat leftmargin='20' rightmargin='20'><p align='right'><font color='#0000FF'><u><a href='https://www.adobe.com/go/fp-spectre'>Learn more</a></u></font></p></textformat>WARNING: For content targeting Flash Player version 14 or higher, ExternalInterface escapes strings using JSON conventions. To maintain compatibility, content published to earlier Flash Player versions continues to use the legacy escaping behaviour.by <a href='%1' target='_blank'><u><font colour='#0000FF'>%2</font></u></a>Allow this game to use local storage? This will allow it to load faster and save information on this computer. <a href='http://adobe.com/go/addlocalstorage' target='_blank'><u><font colour='#0000FF'>Learn More</font></u></a>Reload FilmFilm not loaded...T
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: paikallista tallennustilaa? Tietojen tallentaminen paikallisesti nopeuttaa pelin latautumista. <a href='http://adobe.com/go/addlocalstorage_fi' target='_blank'><u><font color='#0000FF'>Lis
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: pen. <a href='http://adobe.com/go/addlocalstorage_hu' target='_blank'><u><font color='#0000FF'>Tov
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: datamaskinen. <a href='http://adobe.com/go/addlocalstorage_no' target='_blank'><u><font color='#0000FF'>Finn ut mer</font></u></a>
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: datamaskinen. <a href='http://adobe.com/go/addlocalstorage_no' target='_blank'><u><font color='#0000FF'>Finn ut mer</font></u></a>Opprett programsnarveiLydopptakLagre bilde som...Kopier bildeplasseringKopier bildeLagre kobling som...Bokmerkekobling...Kopier koblingsplassering
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: o no computador. <a href='http://adobe.com/go/addlocalstorage_pt' target='_blank'><u><font color='#0000FF'>Saber mais</font></u></a>
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: o no computador. <a href='http://adobe.com/go/addlocalstorage_pt' target='_blank'><u><font color='#0000FF'>Saber mais</font></u></a>Criar atalho de aplica
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: denne computer. <a href='http://adobe.com/go/addlocalstorage_da' target='_blank'><u><font color='#0000FF'>F
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: <a href='http://adobe.com/go/addlocalstorage' target='_blank'><u><font color='#0000FF'>
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: klenmesine ve bu bilgisayarda bilgi kaydetmesine izin verir. <a href='http://adobe.com/go/addlocalstorage' target='_blank'><u><font color='#0000FF'>Daha Fazla Bilgi</font></u></a>
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: klenmesine ve bu bilgisayarda bilgi kaydetmesine izin verir. <a href='http://adobe.com/go/addlocalstorage' target='_blank'><u><font color='#0000FF'>Daha Fazla Bilgi</font></u></a>Uygulama K
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: r datorn. <a href='http://adobe.com/go/addlocalstorage' target='_blank'><u><font color='#0000FF'>L
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: es neste computador. <a href='http://adobe.com/go/addlocalstorage' target='_blank'><u><font color='#0000FF'>Saiba mais</font></u></a>
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: es neste computador. <a href='http://adobe.com/go/addlocalstorage' target='_blank'><u><font color='#0000FF'>Saiba mais</font></u></a>Criar atalho de aplicativoGravar
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: informacji na tym komputerze. <a href='http://adobe.com/go/addlocalstorage' target='_blank'><u><font color='#0000FF'>Wi
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: Lokale opslag toegankelijk maken voor dit spel? Hierdoor wordt het spel sneller geladen en worden de spelgegevens opgeslagen op deze computer. <a href='http://adobe.com/go/addlocalstorage' target='_blank'><u><font color='#0000FF'>Meer informatie</font></u></a>
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: -inhoud uit dit domein niet naar behoren.<br><br><font color='#0000FF'><u><a href='http://www.adobe.com/go/learn_fp_safari_safe_mode_nl'>Meer informatie</a></u></font></textformat>Toevoegen aan Adobe PlaypanelVastmaken aan Startprobeert te communiceren met deze voor internet geschikte locatie:De volgende lokale toepassing op uw computer of netwerk:Adobe Flash Player heeft een potentieel onveilige bewerking gestopt.NeeEen script in deze film zorgt ervoor dat Adobe Flash Player langzaam wordt uitgevoerd. Als dit script actief blijft, reageert de computer mogelijk niet meer. Wilt u het script afbreken?Sneltoets voor deze toepassing maken op het bureaublad?Sneltoets toevoegen aan bureaubladToevoegen aan lokale opslag in Flash Playerdoor <a href='%1' target='_blank'><u><font color='#0000FF'>%2</font></u></a>Sneltoets makenAnnulerenVastzetten op taakbalkToevoegen aan menu StartToevoegen aan bureaubladSneltoetsen voor de toepassing maken in de volgende locaties:Ook sneltoetsen voor de toepassing maken in de volgende locaties:Lokale opslag toegankelijk maken voor dit spel? Hierdoor wordt het spel sneller geladen en worden de spelgegevens opgeslagen op deze computer. <a href='http://adobe.com/go/addlocalstorage' target='_blank'><u><font color='#0000FF'>Meer informatie</font></u></a>Sneltoets voor de toepassing makenAudio opnemenAfbeelding opslaan als...Afbeeldingslocatie kopi
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: informazioni su questo computer. <a href='http://adobe.com/go/addlocalstorage' target='_blank'><u><font color='#0000FF'>Altre informazioni</font></u></a>
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: informazioni su questo computer. <a href='http://adobe.com/go/addlocalstorage' target='_blank'><u><font color='#0000FF'>Altre informazioni</font></u></a>Crea collegamento applicazioneRegistra audioSalva immagine con nome...Copia posizione immagineCopia immagineSalva collegamento con nome...Imposta collegamento come segnalibro...Copia posizione collegamentoApri in una nuova schedaApri in una nuova finestraApriSeleziona tuttoEliminaIncollaCopiaTagliaAnnullaInformazioni su Adobe Flash Player %s...Impostazioni globali...Impostazioni...Ricarica filmatoMostra aree ridisegnoStampa...Filmato non caricato...IndietroAvantiRiavvolgiCicloRiproduciBassaQualit
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: ? Le jeu pourra se charger plus rapidement et enregistrer des informations sur cet ordinateur. <a href='http://adobe.com/go/addlocalstorage' target='_blank'><u><font color='#0000FF'>En savoir plus</font></u></a>
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: ? Le jeu pourra se charger plus rapidement et enregistrer des informations sur cet ordinateur. <a href='http://adobe.com/go/addlocalstorage' target='_blank'><u><font color='#0000FF'>En savoir plus</font></u></a>Cr
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: n en este ordenador. <a href='http://adobe.com/go/addlocalstorage' target='_blank'><u><font color='#0000FF'>M
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: Darf dieses Spiel den lokalen Speicher verwenden? Dadurch wird es schneller geladen und kann Informationen auf diesem Computer speichern. <a href='http://adobe.com/go/addlocalstorage' target='_blank'><u><font color='#0000FF'>Weitere Informationen</font></u></a>
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: pfungen auch hier erstellen:Darf dieses Spiel den lokalen Speicher verwenden? Dadurch wird es schneller geladen und kann Informationen auf diesem Computer speichern. <a href='http://adobe.com/go/addlocalstorage' target='_blank'><u><font color='#0000FF'>Weitere Informationen</font></u></a>Verkn
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: e. <a href='http://adobe.com/go/addlocalstorage' target='_blank'><u><font color='#0000FF'>Dal
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: Allow this game to use local storage? This will allow it to load faster and save information on this computer. <a href='http://adobe.com/go/addlocalstorage' target='_blank'><u><font color='#0000FF'>Learn More</font></u></a>
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: This Flash Player is not compatible with your region, please reinstall Adobe Flash Player.Learn MoreThis application is not properly licensed to embed Adobe Flash Player.ReinstallA required system component is not running properly, please reinstall Adobe Flash Player.<textformat leftmargin='2' rightmargin='2'><p>Allow this content to access your computer ?</p><br></textformat><textformat leftmargin='20' rightmargin='20'><p align='right'><font color='#0000FF'><u><a href='https://www.adobe.com/go/fp-spectre'>Learn more</a></u></font></p></textformat>Your player will soon be out of date. Please update to continue.LaterUpdate NowFlash Player is out of dateYour player needs to be updated before you can continue.Check for Updates...Create Shortcut on Desktop<textformat leftmargin='2' rightmargin='2'>Do you trust this content to connect to the Internet?</textformat>WARNING: For content targeting Flash Player version 14 or higher, ExternalInterface escapes strings using JSON conventions. To maintain compatibility, content published to earlier Flash Player versions continues to use the legacy escaping behavior.<textformat leftmargin='2' rightmargin='2'>"Add to Adobe Playpanel" has failed. You must first launch and login to Adobe Playpanel to use this feature.</textformat>Find games with Adobe Playpanel<textformat leftmargin='2' rightmargin='2'>You must adjust Safari's security preferences to allow Flash content from this domain to work properly.<br><br><font color='#0000FF'><u><a href='http://www.adobe.com/go/learn_fp_safari_safe_mode'>Learn More</a></u></font></textformat>Add to Adobe PlaypanelPin to Startis trying to communicate with this Internet-enabled location:The following local application on your computer or network:Adobe Flash Player has stopped a potentially unsafe operation.NoYesA script in this movie is causing Adobe Flash Player to run slowly. If it continues to run, your computer may become unresponsive. Do you want to abort the script?Create a desktop shortcut for this application?Add shortcut to desktopAdd to Local Storage in Flash Playerby <a href='%1' target='_blank'><u><font color='#0000FF'>%2</font></u></a>Create ShortcutsOKCancelPin to TaskbarAdd to Start menuAdd to DesktopCreate application shortcuts in these places:Also create application shortcuts in these places:Allow this game to use local storage? This will allow it to load faster and save information on this computer. <a href='http://adobe.com/go/addlocalstorage' target='_blank'><u><font color='#0000FF'>Learn More</font></u></a>Create Application ShortcutRecord AudioSave Image As...Copy Image LocationCopy ImageSave link as...Bookmark link...Copy link locationOpen in new tabOpen in new windowOpenSelect AllDeleteUndoAbout Adobe Flash Player %s...Global Settings...Settings...Reload MovieDebuggerShow Redraw RegionsPrint...Movie not loaded...BackForwardRewindLoopPlayHighMediumLowQualityFull ScreenShow All100%Zoom OutZoom Inen-gbpt-pt
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: ms-help:
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: _rootuseCodepagetabChildrenscreenDPIisEmbeddedInAcrobatmaxLevelIDChasTLSlocalFileReadDisableavHardwareDisableplayerTypeisDebuggerhasScreenBroadcasthasScreenPlaybackhasPrintinghasAccessibilityhasVideoEncoderhasAudioEncoderhasMP3hasEmbeddedVideohasStreamingVideohasStreamingAudiohasAudioversionserverStringfscommandview-source:mms:rlogin:rtsp:pop3:wais:snews:nntp:imap:gopher:news:telnet:res:ms-help:mk:ms-itss:ms-its:its:knownfolder:vshelp:local:shell:PrintAboutSettingsMovie not loadedSave@
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: <!--StartFragment-->
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: flashplayer/update/current/install/inline/
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: #EXT-X-START
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: [HlsParser] EXT-X-START: %f %u
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: #EXTM3U#EXT-X-STREAM-INF#EXT-X-I-FRAME-STREAM-INF#EXTINF#EXT-X-ENDLIST#EXT-X-TARGETDURATION#EXT-X-MEDIA-SEQUENCE#EXT-X-DISCONTINUITY#EXT-X-FAXS-CM#EXT-X-FAXS-PACKAGINGCERT#EXT-X-FAXS-SIGNATURE#EXT-X-KEY#EXT-X-CUE#EXT-X-I-FRAMES-ONLY#EXT-X-VERSION#EXT-X-MEDIA#EXT-X-BYTERANGE#EXT-X-CM-SEQUENCE#EXT-X-MARKER#EXT-X-MAP#EXT-X-PLAYLIST-TYPE#EXT-X-PROGRAM-DATE-TIME#EXT-X-START#EXT-X-MEDIA-TIMEltype..\..\..\modules\media\source\parsers\HlsParser.cppASSERT!! : file %s : line %d : condition %s
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: PRECISEYES[HlsParser] EXT-X-START: %f %u
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeString found in binary or memory: [mem] sweep-start
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeFile read: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeProcess created: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeProcess created: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
Source: ??.lnk.0.drLNK file: ..\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeFile written: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\cfg.iniJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WanWD-xfq-3dmgameJump to behavior
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeStatic PE information: certificate valid
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeStatic file information: File size 23828992 > 1048576
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x15f2a00
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: Flash.pdbx: source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.dr
Source: Binary string: Flash.pdb source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.dr
Source: Binary string: d:\code\weiduan\trunk\WD_NEW\bin\build\Release\GameRender.pdb source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe
Source: Binary string: d:\code\weiduan\trunk\WD_NEW\bin\build\Release\MiniClient.pdb source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, MiniClient.exe.0.dr
Source: Binary string: C:\vmagent_new\bin\joblist\64060\out\Release\360Base.pdb source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, MiniClient.exe.0.dr
Source: Binary string: d:\code\weiduan\trunk\WD_NEW\bin\build\Release\GameRender.pdb 0 source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeCode function: 2_2_0072EC44 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,2_2_0072EC44
Source: Flash32_29_0_0_171.ocx.0.drStatic PE information: section name: .rodata
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeCode function: 2_2_0071C511 push ecx; ret 2_2_0071C524
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeFile created: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeFile created: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\GameRender.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeFile created: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\360Base.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeFile created: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\Flash32_29_0_0_171.ocxJump to dropped file
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeMemory allocated: 6300000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeMemory allocated: 6910000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeMemory allocated: 6A90000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeMemory allocated: 6E30000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeMemory allocated: 6EB0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeMemory allocated: 6F10000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeMemory allocated: 6F30000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeMemory allocated: 6F50000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeMemory allocated: 6F70000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeMemory allocated: 6F90000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeMemory allocated: 7010000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeMemory allocated: 7030000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeMemory allocated: 7050000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeMemory allocated: ADC0000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeMemory allocated: 6FB0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeMemory allocated: BD10000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeMemory allocated: BE50000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeMemory allocated: BE90000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeMemory allocated: BCA0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeMemory allocated: BE70000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeMemory allocated: C320000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeMemory allocated: C340000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeMemory allocated: C380000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeMemory allocated: 24B0000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeWindow / User API: foregroundWindowGot 498Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\GameRender.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\360Base.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\Flash32_29_0_0_171.ocxJump to dropped file
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_2-6262
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_2-6165
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeFile opened: C:\Users\userJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeFile opened: C:\Users\user\AppDataJump to behavior
Source: MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2492678350.0000000002420000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409936472.0000000002467000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: MiniClient.exe, 00000002.00000002.2497396701.0000000006500000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: MiniClient.exe, 00000002.00000002.2497396701.0000000006500000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}uF\
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeAPI call chain: ExitProcess graph end nodegraph_2-6264
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeCode function: 2_2_00718913 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00718913
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeCode function: 2_2_0072EC44 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,2_2_0072EC44
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeCode function: 2_2_00716C70 GetProcessHeap,HeapAlloc,RtlInterlockedPopEntrySList,VirtualAlloc,RtlInterlockedPopEntrySList,VirtualFree,RtlInterlockedPushEntrySList,2_2_00716C70
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeCode function: 2_2_00718913 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00718913
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeCode function: 2_2_0071791B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_0071791B
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeMemory allocated: page read and write | page guardJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeProcess created: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeCode function: 2_2_0072ABA4 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,2_2_0072ABA4
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATIONJump to behavior
Source: C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATIONJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity Information1
Scripting		Valid Accounts2
Command and Scripting Interpreter		1
Windows Service		1
Windows Service		1
Masquerading		1
Input Capture		1
System Time Discovery		Remote Services1
Input Capture		11
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts2
Native API		1
Scripting		11
Process Injection		11
Virtualization/Sandbox Evasion		LSASS Memory1
Query Registry		Remote Desktop Protocol1
Archive Collected Data		1
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAt1
DLL Side-Loading		1
DLL Side-Loading		1
Modify Registry		Security Account Manager21
Security Software Discovery		SMB/Windows Admin SharesData from Network Shared Drive2
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCron2
DLL Search Order Hijacking		2
DLL Search Order Hijacking		1
Disable or Modify Tools		NTDS11
Virtualization/Sandbox Evasion		Distributed Component Object ModelInput Capture13
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script11
Process Injection		LSA Secrets1
Process Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
Obfuscated Files or Information		Cached Domain Credentials1
Application Window Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
DLL Side-Loading		DCSync3
File and Directory Discovery		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job2
DLL Search Order Hijacking		Proc Filesystem12
System Information Discovery		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe5%ReversingLabs
SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe3%VirustotalBrowse

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\360Base.dll2%ReversingLabs
C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\360Base.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\Flash32_29_0_0_171.ocx0%ReversingLabs
C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\Flash32_29_0_0_171.ocx0%VirustotalBrowse
C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\GameRender.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\GameRender.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe5%ReversingLabs
C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe3%VirustotalBrowse

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://dashif.org/guidelines/trickmode0%URL Reputationsafe
http://www.youxi.com00%Avira URL Cloudsafe
http://ad./adserver/e?type=playererrorhttp://ad.auditude.com/adserver/e?type=playererror////_.dashmp0%Avira URL Cloudsafe
https://yx.7&0%Avira URL Cloudsafe
http://yx.3dmgame.comb.cssHooks.marginRight.get0%Avira URL Cloudsafe
http://dl.360tpcdn.com/360game/Unity3d.zip1.0.0.20%Avira URL Cloudsafe
http://r.yx-s.net/b/weiduan/s/quit?channelid=&gkey=xfq&mid=&pkey=&ver=&&runtime=2U0%Avira URL Cloudsafe
http://dashif.org/guidelines/trickmode10%Avira URL Cloudsafe
https://auth.adobefpl.com/1/0%Avira URL Cloudsafe
http://dl.360tpcdn.com/360game/Unity3d.zip1.0.0.20%VirustotalBrowse
http://ad.auditude.com/adserver/e?type=playererror0%Avira URL Cloudsafe
http://dashif.org/guidelines/trickmode10%VirustotalBrowse
https://auth.adobefpl.com/1/0%VirustotalBrowse
http://ad.auditude.com/adserver/e?type=playererror0%VirustotalBrowse

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
yx.3dmgame.com
183.131.158.108
truefalse
    		high

    Contacted URLs

    NameMaliciousAntivirus DetectionReputation
    https://yx.3dmgame.com/page/microend/jz/images/bj1.pngfalse
      		high
      https://yx.3dmgame.com/page/microend/jz/images/icoimg.pngfalse
        		high
        https://yx.3dmgame.com/page/microend/jz/images/img.pngfalse
          		high
          https://yx.3dmgame.com/page/microend/jz/js/jq1.9.jsfalse
            		high
            https://yx.3dmgame.com/page/microend/jz/css/base.cssfalse
              		high
              https://yx.3dmgame.com/page/microend/asbz/js/lr.jsfalse
                		high

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                https://yx.3dmgame.com/page/microend/jz/images/img.pnggzipMiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpfalse
                  		high
                  http://aia1.wosign.com/ca1-tsa.cer0SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, MiniClient.exe.0.drfalse
                    		high
                    https://my.3dmgame.com/login/sina?referer=https://yx.3dmgame.com/yy/cjzg/microendMiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409936472.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2497396701.0000000006525000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409789769.0000000006525000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpfalse
                      		high
                      https://yx.3dmgame.com/page/microend/jz/images/third_btn.png%MiniClient.exe, 00000002.00000002.2500414505.00000000070D3000.00000004.00000020.00020000.00000000.sdmpfalse
                        		high
                        https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&000MiniClient.exe, 00000002.00000002.2500414505.00000000070C3000.00000004.00000020.00020000.00000000.sdmpfalse
                          		high
                          https://yx.3dmgame.com/page/microend/jz/js/Slide.js293&ver=3&end?mytime=1709789293&ver=3&7.0MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpfalse
                            		high
                            https://yx.3dmgame.com/news/15695.html//MiniClient.exe, 00000002.00000003.1408881498.000000000711C000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2500616411.000000000711C000.00000004.00000020.00020000.00000000.sdmpfalse
                              		high
                              https://yx.7&MiniClient.exe, 00000002.00000002.2497396701.0000000006525000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409789769.0000000006525000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		low
                              https://yx.3dmgame.com/page/microend/jz/images/img.png)MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpfalse
                                		high
                                http://aia1.wosign.com/ca6.code3.cer06SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, MiniClient.exe.0.drfalse
                                  		high
                                  https://yx.3dmgame.com/MiniClient.exe, 00000002.00000002.2492678350.000000000243B000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1408881498.000000000711C000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    http://s3.amazonaws.com/venkat-test/ads/camry/file-640k.m3u82LSecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.dr, MiniClient.exe.0.drfalse
                                      		high
                                      https://yx.3dmgame.com/page/microend/jz/images/third_btn.png4MiniClient.exe, 00000002.00000002.2500414505.00000000070D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		high
                                        http://www.youxi.com0SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exefalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://www.SuperSlide2.com/MiniClient.exe, 00000002.00000003.1409639497.000000000658D000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2497881411.000000000658D000.00000004.00000020.00020000.00000000.sdmp, Slide[1].js.2.drfalse
                                          		high
                                          https://yx.3dmgame.com/page/microend/jz/images/third_btn.pngniMiniClient.exe, 00000002.00000002.2492678350.000000000243B000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            https://yx.3dmgame.com/page/microend/jz/css/base.cssCMiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              https://yx.3dmgame.com/page/microend/jz/jsMiniClient.exe, 00000002.00000002.2492678350.00000000023FC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                https://yx.3dmgame.com/page/microend/jz/js/jq1.9.js293&ver=3&.dllMiniClient.exe, 00000002.00000002.2492678350.000000000243B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://yx.3dmgame.com/page/microend/jz/js/Slide.jsC:MiniClient.exe, 00000002.00000002.2492678350.000000000243B000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409936472.000000000244E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://yx.3dmgame.com/page/microend/jz/js/jq1.9.jsNMiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://ad./adserver/e?type=playererrorhttp://ad.auditude.com/adserver/e?type=playererror////_.dashmpSecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.drfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&...MiniClient.exe, 00000002.00000003.1408700391.000000000655A000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409639497.0000000006563000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://yx.3dmgame.com/page/microend/asbz/js/lr.jsxMiniClient.exe, 00000002.00000002.2492678350.000000000243B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://www.maxthon.cn/test/http://www.it.com.cn/f/edu/091/14/freeze/freeze_by_as.htmhttp://www.it.coSecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exefalse
                                                            		high
                                                            https://yx.3dmgame.com/page/microend/asbz/js/lr.jswMiniClient.exe, 00000002.00000002.2492678350.00000000023FC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://ocsp1.wosign.com/ca6/code300SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, MiniClient.exe.0.drfalse
                                                                		high
                                                                http://yx.3dmgame.comb.cssHooks.marginRight.getMiniClient.exe, 00000002.00000002.2499175647.0000000006E5A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://yx.3dmgame.com/page/microend/jz/images/third_btn.png...:JyMiniClient.exe, 00000002.00000003.1409789769.0000000006525000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://yx.3dmgame.com/page/microend/asbz/js/lr.jsLMiniClient.exe, 00000002.00000002.2492678350.000000000243B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://yx.3dmgame.com/news/15695.htmlMiniClient.exe, 00000002.00000002.2500616411.00000000070E9000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1408881498.000000000711C000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2500616411.000000000711C000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2492678350.00000000023FC000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2497396701.0000000006525000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409789769.0000000006525000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://yx.3dmgame.com/page/microend/jz/images/third_btn.pngflateMiniClient.exe, 00000002.00000002.2500414505.00000000070D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://yx.3dmgame.com/page/microend/asbz/js/lr.jsTMiniClient.exe, 00000002.00000002.2492678350.000000000243B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://yx.3dmgame.com/news/15748.htmlMiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1408881498.000000000711C000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2500616411.000000000711C000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2492678350.00000000023FC000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2497396701.0000000006525000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409789769.0000000006525000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://yx.3dmgame.com/page/microend/jz/js/jq1.9.js293&ver=3&%MiniClient.exe, 00000002.00000002.2492678350.00000000023BE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&9293&ver=3&...=#B2000000MiniClient.exe, 00000002.00000002.2500414505.00000000070C3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://dashif.org/guidelines/trickmodeSecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.drfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                https://yx.3dmgame.com/yy/jz/microendSecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exefalse
                                                                                  		high
                                                                                  http://dl.360tpcdn.com/360game/Unity3d.zip1.0.0.2SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exefalse
                                                                                  • 0%, Virustotal, Browse
                                                                                  • Avira URL Cloud: safe
                                                                                  		unknown
                                                                                  https://yx.3dmgame.com/page/microend/asbz/js/lr.jseMiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://bbs.3dmgame.com/forum.phprMiniClient.exe, 00000002.00000002.2500593415.00000000070E4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://r.yx-s.net/b/weiduan/s/quit?channelid=&gkey=xfq&mid=&pkey=&ver=&&runtime=2USecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, 00000000.00000002.1253682788.000000000241E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      		unknown
                                                                                      https://www.macromedia.com/support/flashplayer/sys/SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.dr, MiniClient.exe.0.drfalse
                                                                                        		high
                                                                                        https://yx.3dmgame.com/page/microend/asbz/js/lr.jsfMiniClient.exe, 00000002.00000002.2492678350.000000000243B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://fpdownload2.macromedia.com/get/https://fpdownload.macromedia.com/get/https://www.macromedia.cSecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.dr, MiniClient.exe.0.drfalse
                                                                                            		high
                                                                                            https://yx.3dmgame.com/page/microend/asbz/js/lr.jsgMiniClient.exe, 00000002.00000002.2497881411.0000000006584000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1408700391.0000000006584000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&fffMiniClient.exe, 00000002.00000002.2500414505.00000000070C3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://crls1.wosign.com/ca6-code3.crl0OSecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, MiniClient.exe.0.drfalse
                                                                                                  		high
                                                                                                  https://fpdownload.macromedia.com/get/flashplayer/update/current/activate/ood.xmlSecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.dr, MiniClient.exe.0.drfalse
                                                                                                    		high
                                                                                                    https://yx.3dmgame.com/yy/jz/microendmytime=1709789293&ver=3&MiniClient.exe, 00000002.00000002.2492678350.00000000023BE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://yx.3dmgame.com/page/microend/jz/images/img.pngDXMiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        http://www.openssl.org/support/faq.htmlSecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.dr, MiniClient.exe.0.drfalse
                                                                                                          		high
                                                                                                          https://yx.3dmgame.com/yy/jz/microend?mMiniClient.exe, 00000002.00000003.1409639497.0000000006563000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://yx.3dmgame.com/news/15714.htmlMiniClient.exe, 00000002.00000002.2500616411.000000000711C000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              http://www.wosign.com/policy/0SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, MiniClient.exe.0.drfalse
                                                                                                                		high
                                                                                                                https://yx.3dmgame.com/page/microend/jz/images/lihover.pngO_MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://yx.3dmgame.com/vip/zhifuMiniClient.exe, 00000002.00000003.1409512787.00000000070E2000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2500593415.00000000070E4000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2492678350.00000000023FC000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    http://dashif.org/guidelines/trickmode1SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.drfalse
                                                                                                                    • 0%, Virustotal, Browse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    		unknown
                                                                                                                    https://yx.3dmgame.com/page/microend/asbz/js/lr.jsA_MiniClient.exe, 00000002.00000003.1408881498.000000000711C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&m/page/microend/jz/images/img.png...5MiniClient.exe, 00000002.00000002.2500616411.00000000070E9000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1408881498.00000000070EA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://yx.3dmgame.com/page/microend/jz/js/index.jsng&ver=3&MiniClient.exe, 00000002.00000002.2492678350.000000000243B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://yx.3dmgame.com/zt/jz/MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2492678350.00000000023BE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exefalse
                                                                                                                            		high
                                                                                                                            https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&##MMiniClient.exe, 00000002.00000002.2497396701.000000000650F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://yx.3dmgame.com/page/microend/jz/images/third_btn.pnglMiniClient.exe, 00000002.00000002.2500414505.00000000070D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://yx.3dmgame.com/news/15695.htmlJMiniClient.exe, 00000002.00000002.2500616411.000000000711C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://auth.adobefpl.com/1/MiniClient.exe.0.drfalse
                                                                                                                                  • 0%, Virustotal, Browse
                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                  		unknown
                                                                                                                                  https://yx.3dmgame.com/page/microend/jz/js/index.jsIMiniClient.exe, 00000002.00000002.2492678350.000000000243B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&##QMiniClient.exe, 00000002.00000003.1409789769.0000000006512000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2497396701.000000000650F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&##PMiniClient.exe, 00000002.00000002.2497881411.0000000006564000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://my.3dmgame.com/agreemente=qMiniClient.exe, 00000002.00000002.2492678350.0000000002417000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          http://crls1.wosign.com/ca1.crl0gSecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, MiniClient.exe.0.drfalse
                                                                                                                                            		high
                                                                                                                                            https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&ngsMiniClient.exe, 00000002.00000002.2492678350.000000000243B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              http://yx.3dmgame.comMiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409936472.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409936472.000000000244E000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2497396701.0000000006525000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409789769.0000000006525000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://yx.3dmgame.com/vip/zhifu?sign=jztmpSecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, 00000000.00000002.1253682788.000000000241E000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2492678350.00000000023BE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  http://crls1.wosign.com/ca1.crl0kSecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, MiniClient.exe.0.drfalse
                                                                                                                                                    		high
                                                                                                                                                    http://microend.wan.360.cn/api/feedback/index?ver=%s&pkey=%s&gkey=%s&mid=%s&channelid=%s&options=%d&SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, MiniClient.exe.0.drfalse
                                                                                                                                                      		high
                                                                                                                                                      https://yx.3dmgame.com/news/15748.htmlf/MiniClient.exe, 00000002.00000003.1408881498.000000000711C000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2500616411.000000000711C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&##CMiniClient.exe, 00000002.00000003.1409789769.0000000006512000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2497396701.000000000650F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&9iMiniClient.exe, 00000002.00000002.2492678350.000000000243B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            https://yx.3dmgame.com/page/microend/jz/js/index.jsiMiniClient.exe, 00000002.00000002.2497881411.0000000006584000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1408700391.0000000006584000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              http://ad.auditude.com/adserver/e?type=playererrorSecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.drfalse
                                                                                                                                                              • 0%, Virustotal, Browse
                                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                                              		unknown
                                                                                                                                                              https://my.3dmgame.com/agreementMiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2497396701.0000000006525000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409789769.0000000006525000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                http://youtube.com/drm/2012/10/10Flash32_29_0_0_171.ocx.0.drfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://yx.3dmgame.com/page/microend/jz/images/third_btn.png...6EuMiniClient.exe, 00000002.00000003.1409789769.0000000006525000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://yx.3dmgame.com/page/microend/jz/js/index.jsWMiniClient.exe, 00000002.00000002.2497881411.0000000006584000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1408700391.0000000006584000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://yx.3dmgame.com/page/microend/asbz/js/lr.js9293&ver=3&;MiniClient.exe, 00000002.00000002.2492678350.000000000243B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&x?9tMiniClient.exe, 00000002.00000002.2495542201.00000000056BF000.00000004.00000010.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&###MiniClient.exe, 00000002.00000002.2497396701.000000000650F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&##s=MiniClient.exe, 00000002.00000002.2497396701.000000000650F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              http://www.macromedia.comSecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.dr, MiniClient.exe.0.drfalse
                                                                                                                                                                                		high
                                                                                                                                                                                https://yx.3dmgame.com/page/microend/asbz/js/lr.jsngKMiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  http://fpdownload2.macromedia.com/get/flashplayer/update/current/xml/version_SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, Flash32_29_0_0_171.ocx.0.dr, MiniClient.exe.0.drfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    https://yx.3dmgame.com/news/16177.htmlMiniClient.exe, 00000002.00000002.2500616411.00000000070E9000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2492678350.0000000002467000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1408881498.000000000711C000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2500616411.000000000711C000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2492678350.00000000023FC000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000002.2497396701.0000000006525000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409789769.0000000006525000.00000004.00000020.00020000.00000000.sdmp, MiniClient.exe, 00000002.00000003.1409912537.0000000002474000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      http://ocsp1.wosign.com/ca10.SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe, MiniClient.exe.0.drfalse
                                                                                                                                                                                        		high

                                                                                                                                                                                        World Map of Contacted IPs

                                                                                                                                                                                        • No. of IPs < 25%
                                                                                                                                                                                        • 25% < No. of IPs < 50%
                                                                                                                                                                                        • 50% < No. of IPs < 75%
                                                                                                                                                                                        • 75% < No. of IPs

                                                                                                                                                                                        Public IPs

                                                                                                                                                                                        IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                        183.131.158.108
                                                                                                                                                                                        		yx.3dmgame.comChina
                                                                                                                                                                                        		136190CHINATELECOM-ZHEJIANG-JINHUA-IDCJINHUAZHEJIANGProvincefalse

                                                                                                                                                                                        General Information

                                                                                                                                                                                        Joe Sandbox version:40.0.0 Tourmaline
                                                                                                                                                                                        Analysis ID:1404509
                                                                                                                                                                                        Start date and time:2024-03-07 06:27:16 +01:00
                                                                                                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                                                                                                        Overall analysis duration:0h 6m 41s
                                                                                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                                                                                        Report type:full
                                                                                                                                                                                        Cookbook file name:default.jbs
                                                                                                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                        Number of analysed new started processes analysed:17
                                                                                                                                                                                        Number of new started drivers analysed:0
                                                                                                                                                                                        Number of existing processes analysed:0
                                                                                                                                                                                        Number of existing drivers analysed:0
                                                                                                                                                                                        Number of injected processes analysed:0
                                                                                                                                                                                        Technologies:
                                                                                                                                                                                        • HCA enabled
                                                                                                                                                                                        • EGA enabled
                                                                                                                                                                                        • AMSI enabled
                                                                                                                                                                                        Analysis Mode:default
                                                                                                                                                                                        Analysis stop reason:Timeout
                                                                                                                                                                                        Sample name:SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe
                                                                                                                                                                                        Detection:CLEAN
                                                                                                                                                                                        Classification:clean8.winEXE@3/24@1/1
                                                                                                                                                                                        EGA Information:
                                                                                                                                                                                        • Successful, ratio: 100%
                                                                                                                                                                                        HCA Information:Failed
                                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                                        • Found application associated with file extension: .exe

                                                                                                                                                                                        Warnings

                                                                                                                                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
                                                                                                                                                                                        • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                        • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                        • Report size getting too big, too many NtReadVirtualMemory calls found.

                                                                                                                                                                                        Simulations

                                                                                                                                                                                        Behavior and APIs

                                                                                                                                                                                        TimeTypeDescription
                                                                                                                                                                                        06:28:13API Interceptor3x Sleep call for process: MiniClient.exe modified

                                                                                                                                                                                        Joe Sandbox View / Context

                                                                                                                                                                                        IPs

                                                                                                                                                                                        No context

                                                                                                                                                                                        Domains

                                                                                                                                                                                        No context

                                                                                                                                                                                        ASNs

                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                        CHINATELECOM-ZHEJIANG-JINHUA-IDCJINHUAZHEJIANGProvinceSecuriteInfo.com.Win32.Malware-gen.31849.9616.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                        • 122.226.44.132
                                                                                                                                                                                        SecuriteInfo.com.Win32.Packed.NoobyProtect.B.22954.14723.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                        • 220.185.184.3
                                                                                                                                                                                        SecuriteInfo.com.Win32.Packed.NoobyProtect.B.22954.14723.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                        • 220.185.184.3
                                                                                                                                                                                        https://www.2g1wsb.cn/IP:Get hashmaliciousUnknownBrowse
                                                                                                                                                                                        • 220.185.184.16
                                                                                                                                                                                        https://www.2g1wsb.cn/IP:Get hashmaliciousUnknownBrowse
                                                                                                                                                                                        • 220.185.184.16
                                                                                                                                                                                        https://cbcmcsnsmcbscoerd.agdvir.cn/IP:Get hashmaliciousUnknownBrowse
                                                                                                                                                                                        • 220.185.184.16
                                                                                                                                                                                        SecuriteInfo.com.BScope.Adware.Softcnapp.24133.13453.exeGet hashmaliciousPoisonivyBrowse
                                                                                                                                                                                        • 60.163.171.1
                                                                                                                                                                                        SecuriteInfo.com.BScope.Adware.Softcnapp.24133.13453.exeGet hashmaliciousPoisonivyBrowse
                                                                                                                                                                                        • 60.163.172.1
                                                                                                                                                                                        SecuriteInfo.com.Trojan.Siggen22.58997.12513.10430.exeGet hashmaliciousPoisonivyBrowse
                                                                                                                                                                                        • 60.163.172.1
                                                                                                                                                                                        zD14KmNUNc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                        • 180.188.24.88

                                                                                                                                                                                        JA3 Fingerprints

                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                        37f463bf4616ecd445d4a1937da06e19Purchase List.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                        • 183.131.158.108
                                                                                                                                                                                        Update.jsGet hashmaliciousSocGholishBrowse
                                                                                                                                                                                        • 183.131.158.108
                                                                                                                                                                                        6009287162.vbsGet hashmaliciousXWormBrowse
                                                                                                                                                                                        • 183.131.158.108
                                                                                                                                                                                        6009287162.vbsGet hashmaliciousXWormBrowse
                                                                                                                                                                                        • 183.131.158.108
                                                                                                                                                                                        SW_PC_Interact2.3.5_Build6.exeGet hashmaliciousDBatLoaderBrowse
                                                                                                                                                                                        • 183.131.158.108
                                                                                                                                                                                        6009287162.vbsGet hashmaliciousXWormBrowse
                                                                                                                                                                                        • 183.131.158.108
                                                                                                                                                                                        Condensers.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                        • 183.131.158.108
                                                                                                                                                                                        PDFCreator-1_5_0_setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                        • 183.131.158.108
                                                                                                                                                                                        factura-022853.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                        • 183.131.158.108
                                                                                                                                                                                        OKaDvPJcTF.exeGet hashmaliciousLummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, PureLog StealerBrowse
                                                                                                                                                                                        • 183.131.158.108

                                                                                                                                                                                        Dropped Files

                                                                                                                                                                                        No context

                                                                                                                                                                                        Created / dropped Files

                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
                                                                                                                                                                                        File Type:data
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):49120
                                                                                                                                                                                        Entropy (8bit):0.0017331682157558962
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:3:Ztt:T
                                                                                                                                                                                        MD5:0392ADA071EB68355BED625D8F9695F3
                                                                                                                                                                                        SHA1:777253141235B6C6AC92E17E297A1482E82252CC
                                                                                                                                                                                        SHA-256:B1313DD95EAF63F33F86F72F09E2ECD700D11159A8693210C37470FCB84038F7
                                                                                                                                                                                        SHA-512:EF659EEFCAB16221783ECB258D19801A1FF063478698CF4FCE3C9F98059CA7B1D060B0449E6FD89D3B70439D9735FA1D50088568FF46C9927DE45808250AEC2E
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                                                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\index[1].js

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):6509
                                                                                                                                                                                        Entropy (8bit):5.202877861113465
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:96:hnjcHFHvn3HotpbGsW3MEk/aDEqxUCNBcBW2d/XUwFBDYxKubg9kh:Rclf3YShVLBvCNXzn8/
                                                                                                                                                                                        MD5:2CEFF98278DE32BCC182FC64F19517C0
                                                                                                                                                                                        SHA1:6DD4F33D1AB16E636BE8A4173E97744550684322
                                                                                                                                                                                        SHA-256:A26C4A8EAD61654DE4104E723FAA42D2C05D174306FBC74983FEF7CE48FAE8A6
                                                                                                                                                                                        SHA-512:775F9724029949B517BEF8C34301390353E318AB332E75E54AA200C9A4596775C1350931CE7DE2EA03E38C7A1229A655A7F5A2A0C1AE1471AD24F65449F75F3F
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        Preview:$(function(){.. if( $("#idcode").size()>=1 ){.. $.idcode.setCode();.. }.... if($(".lunboxlis ul li").size()>=1){.. jQuery(".lunboxlis").slide({mainCell:".bd ul",autoPage:true,effect:"left",vis:6});.... }..})..$(".login_Af .serve .btbox .bt .select .name").click(function(){.. $(this).parents(".select").find("ul").stop().slideToggle(200);..})..$(".login_Af .serve .btbox .bt .select ul li").click(function(){.. var tex=$(this).text();.. $(this).parents(".select").find(".name p").text(tex);.. $(this).parents(".select").find("ul").stop().slideToggle(200);..})....//.........function openregister(){.. $(".registerbox").show();.. $(".loginbox").hide();.. $("#warpMin").addClass("onregis");..}..//........function openlogin(){.. $(".registerbox").hide();.. $(".loginbox").show();.. $("#warpMin").removeClass("onregis");..}....// ..checked ....$(".ckbox").click(function(){.. $(this).find("span").toggleClass("

                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\third_btn[1].png

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
                                                                                                                                                                                        File Type:PNG image data, 122 x 28, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):3713
                                                                                                                                                                                        Entropy (8bit):7.756741551586226
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:96:XASeZ1BdG/A7xJ6eX3xC5GEdmez/BkT6lrbg1:Hm1DGYh3xC9Eez5zlrbg1
                                                                                                                                                                                        MD5:D52047FB474ADBDE07CEBDCAD579B7B7
                                                                                                                                                                                        SHA1:49D76BAD24A677C5A9E7283D85F2E057C4BB4CCE
                                                                                                                                                                                        SHA-256:9090E1206B92B4212C5FF31F76F633A989520AAE118A0193321CBCBF15320349
                                                                                                                                                                                        SHA-512:5AEDB920B5F1C93499AA32EB588CFA88793B542E260A5CEE73C8672FD5A81253890640B46ECCA88B8261A6AAF2FBE22A7E4A5C951371F771FEA2151FB7AB2C72
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        Preview:.PNG........IHDR...z.................tEXtSoftware.Adobe ImageReadyq.e<...qiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:391bd654-9aa8-4c4a-8b54-86a9d4053877" xmpMM:DocumentID="xmp.did:43438C04D55811EAA2409D7074E7E7C2" xmpMM:InstanceID="xmp.iid:43438C03D55811EAA2409D7074E7E7C2" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:73c067f1-4e85-4e47-88e5-1076f94ada0e" stRef:documentID="xmp.did:391bd654-9aa8-4c4a-8b54-86a9d4053877"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>........IDATx..[.TT...f.....%..QD4.%E.+z4

                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\jq1.9[1].js

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
                                                                                                                                                                                        File Type:ASCII text, with very long lines (32097)
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):92525
                                                                                                                                                                                        Entropy (8bit):5.30246829595892
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:1536:knu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rbaN1RUR:kdkWgoBhcZRQgmW42qm
                                                                                                                                                                                        MD5:F913A23D85148E1C51B516A59055B9BF
                                                                                                                                                                                        SHA1:3CFA110B82B94C1CF6D8EA78C75A8F3A1A75E0D9
                                                                                                                                                                                        SHA-256:5F3D271F06CCEE1BB096B32539DF7B66FA2A57DA75B666745C280D4DAA342F2E
                                                                                                                                                                                        SHA-512:BEF36EF9B8E1FBA05AD8DC4975656591257C1C24CE038DF68683CF992F9AF6BAF3C9A0D135445D4938620C5EC001D88D3458B9D160C0A0DFDBF32A4F4F039255
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        Preview:/*v1.9.1*/(function(e,t){var n,r,i=typeof t,o=e.document,a=e.location,s=e.jQuery,u=e.$,l={},c=[],p="1.9.1",f=c.concat,d=c.push,h=c.slice,g=c.indexOf,m=l.toString,y=l.hasOwnProperty,v=p.trim,b=function(e,t){return new b.fn.init(e,t,r)},x=/[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/.source,w=/\S+/g,T=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,N=/^(?:(<[\w\W]+>)[^>]*|#([\w-]*))$/,C=/^<(\w+)\s*\/?>(?:<\/\1>|)$/,k=/^[\],:{}\s]*$/,E=/(?:^|:|,)(?:\s*\[)+/g,S=/\\(?:["\\\/bfnrt]|u[\da-fA-F]{4})/g,A=/"[^"\\\r\n]*"|true|false|null|-?(?:\d+\.|)\d+(?:[eE][+-]?\d+|)/g,j=/^-ms-/,D=/-([\da-z])/gi,L=function(e,t){return t.toUpperCase()},H=function(e){(o.addEventListener||"load"===e.type||"complete"===o.readyState)&&(q(),b.ready())},q=function(){o.addEventListener?(o.removeEventListener("DOMContentLoaded",H,!1),e.removeEventListener("load",H,!1)):(o.detachEvent("onreadystatechange",H),e.detachEvent("onload",H))};b.fn=b.prototype={jquery:p,constructor:b,init:function(e,n,r){var i,a;if(!e)return this;if("string"==type

                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\lihover[1].png

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
                                                                                                                                                                                        File Type:PNG image data, 119 x 44, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):5601
                                                                                                                                                                                        Entropy (8bit):7.864323645913374
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:96:6JASeytt5EIV9JCfv3ZrxX6N8VsGpDtozOtpx2rWSY6tEJT+Avn8Ia6wD:IH9PGprxXk8VsIyMx26zv+8vU
                                                                                                                                                                                        MD5:395A0491DD3054EB971BDA1E77F2E6F3
                                                                                                                                                                                        SHA1:8F6D642AB5C881ECAE9D87C6DA01202D211E7DFE
                                                                                                                                                                                        SHA-256:7A635F189D079EBDF1B032D35F23E6796D090F6E18EEDCE8B0AA14FEE41C5620
                                                                                                                                                                                        SHA-512:A0823DC93EFCE2CB9431F5060B72DFAC8F75F1BDF1186CBE414575D2BCEE37B1AB935B0A033D19ABE5E9D3545489A3CD163532BCBAB0AF935FAE8DE9EE2629E7
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        Preview:.PNG........IHDR...w...,....._p'.....tEXtSoftware.Adobe ImageReadyq.e<...qiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:ae4bb44b-b505-4f14-8412-82720f11ba36" xmpMM:DocumentID="xmp.did:2E7F4AC169EA11EC857ECCAE0A2F5114" xmpMM:InstanceID="xmp.iid:2E7F4AC069EA11EC857ECCAE0A2F5114" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:592a4820-c4d9-da46-87b1-b254813541e5" stRef:documentID="xmp.did:ae4bb44b-b505-4f14-8412-82720f11ba36"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?><.......IDATx..\.,I..p...Y .....+>.OFb..

                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\lr[1].js

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):10994
                                                                                                                                                                                        Entropy (8bit):5.056721677356079
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:192:tFXmdd86LutuQuwhmz04kLqB3wB3Gm274eY:t8dd86LunXpTeY
                                                                                                                                                                                        MD5:63478A5FA07732E95E19B865F130FE76
                                                                                                                                                                                        SHA1:D80407AEF2C8B04536F316986DB06E7D6782C9B0
                                                                                                                                                                                        SHA-256:AD020ADDB13BB7EFEAE47F5A5EFB551BD6E04ADB31814E560480AA01E388CB77
                                                                                                                                                                                        SHA-512:D8C8975E908EEEEC57C261564B107FBFC37F7573437C176C556E78A3E9DF56690B6B2C3309804223444289B660D28C1985F0C239B33C7829CCF038D58579846E
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        Preview:.. var magic = function(obj){.... .mthis = this;.. .mthis.qqsrc = obj.qqsrc;.. .mthis.wechatsrc = obj.wechatsrc;.. .mthis.sinasrc = obj.sinasrc;......//.. (.tencent .weixin .sina ..).. .mthis.qqlogin = function(){.. ..$(document).on('click','.tencent',function(){.. ...$('.loginifm').attr('src',mthis.qqsrc);.. ...$('.loginifm').show();.. ..});.. .}.. .mthis.wechatlogin = function(){.. ..$(document).on('click','.weixin',function(){.. ...$('.loginifm').attr('src',mthis.wechatsrc);.. ...$('.loginifm').show();.... ..});.. .}.. .mthis.sinalogin = function(){.. ..$(document).on('click','.sina',function(){.. ...$('.loginifm').attr('src',mthis.sinasrc);.. ...$('.loginifm').show();.. ..});.. .}.. .mthis.init = function(){.. ..mthis.qqlogin();.. ..mthis.wechatlogin();.. ..mthis.sinalogin();.. .};.... .mthis.init();.. }.... var myloginmagic = function(ischeck){.. .mthis = this;.. .mthis.myu

                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\microend[1].htm

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):8602
                                                                                                                                                                                        Entropy (8bit):5.0027729666947005
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:96:DlX8JwuxZVloeL4czoeekSRHCYE/CvpO1BmvDS0Ikbs:DlQwuxFo00xxA2zvDSebs
                                                                                                                                                                                        MD5:223F50B58E301AD5034F5355AE4F736E
                                                                                                                                                                                        SHA1:578FB367CF1C487EB296A3CC68A7169ED742BF94
                                                                                                                                                                                        SHA-256:4DF75E463686E061B2AC67BF8C262995D6CFBB19F38ACECC761E093EEE495C58
                                                                                                                                                                                        SHA-512:AEC887FBA3BF2957B75BE66DEE51912E8F8F17A38EC84492B109414898488F5B8F2DA38A3175CBBCBE15A3ECFFDD8132DD751111CE07FA6F5C2D400D6F14E48F
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        Preview:..<!DOCTYPE html>..<html >..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>..</title>.. <meta http-equiv="pragma" content="no-cache">.. <meta http-equiv="cache-control" content="no-cache">.. <link rel="stylesheet" href="https://yx.3dmgame.com/page/microend/jz/css/base.css">.. <script src="https://yx.3dmgame.com/page/microend/jz/js/jq1.9.js"></script>.. <script src="https://yx.3dmgame.com/page/microend/jz/js/Slide.js"></script>..</head>..<body>..<div id="warpMin" class="clearfix">.. <div class="btnBox">.. <a href="https://yx.3dmgame.com/zt/jz/" target="_blank" class="btn homeBtn"><i class="ico_img "></i></a>.. <a href="https://yx.3dmgame.com/vip/zhifu" target="_blank" class="btn payBtn"><i class="ico_img "></i></a>.. <a href="https://yx.3dmgame.com/vip/customer" target="_blank" class="btn kefuBtn"><i class="ico_img "></i></a>.. <a href="https://bbs.3dmgame.com/fo

                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\Slide[1].js

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (11013), with CRLF line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):11422
                                                                                                                                                                                        Entropy (8bit):5.64307632029077
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:192:j+K3b+EH+nqfhD9VUVjIItpfg5uXG3+1tSCl+7flvSXwaHxImISLTNSfYXH7Le2k:jNytnqflKFgEWulE8REcS3j/CkR1Xh3
                                                                                                                                                                                        MD5:CD674D9E02F20426D9ACF1D11C85539B
                                                                                                                                                                                        SHA1:74AB51A432E33698A7A627F05BAF749472B72CC3
                                                                                                                                                                                        SHA-256:496BDF2635C9F9494F51D0BA63C8A43E5B6DFB7C88B4426E6A56F577D945E3E9
                                                                                                                                                                                        SHA-512:C43C020DFB8B13C2560FD741F0FB110921657E4981C98256D5816E30470F29AD7CC43D86BB3D382CF394D0E9C842448972B30C88CD6B70FD0E45C3C954DF1914
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        Preview:/*!.. * SuperSlide v2.1.1 .. * ................. * .........http://www.SuperSlide2.com/.. *.. * Copyright 2011-2013, ...... *.. * .............. * ........................ * v2.1.1........SuperSlide....returnDefault:true ...defaultIndex........ */....!function(a){a.fn.slide=function(b){return a.fn.slide.defaults={type:"slide",effect:"fade",autoPlay:!1,delayTime:500,interTime:2500,triggerTime:150,defaultIndex:0,titCell:".hd li",mainCell:".bd",targetCell:null,trigger:"mouseover",scroll:1,vis:1,titOnClassName:"on",autoPage:!1,prevCell:".prev",nextCell:".next",pageStateCell:".pageState",opp:!1,pnLoop:!0,easing:"swing",startFun:null,endFun:null,switchLoad:null,playStateCell:".playState",mouseOverStop:!0,defaultPlay:!0,returnDefault:!1},this.each(function(){var c=a.extend({},a.fn.slide.defaults,b),d=a(this),e=c.effect,f=a(c.prevCell,d),

                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\img[1].png

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
                                                                                                                                                                                        File Type:PNG image data, 276 x 178, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                        Category:modified
                                                                                                                                                                                        Size (bytes):94326
                                                                                                                                                                                        Entropy (8bit):7.994469159771429
                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                        SSDEEP:1536:7Mo9TSLTY34yMc+Br6kAj6/MidiE/FQ2K2XRRvagk5FK1lNPDI/UxvM47EAJZdSD:7Mo9TyTYoyOwXj6xdiE/FQ2v/vNPD3Mh
                                                                                                                                                                                        MD5:0445FD35867C77754CAB8843150F4851
                                                                                                                                                                                        SHA1:3008435DC491D08FE38A815ACABB23E9A99A75AC
                                                                                                                                                                                        SHA-256:54363A5C8E5BFAB2049771F06A9836CFD88829AE03067DE3EE96C4B1FABE59B2
                                                                                                                                                                                        SHA-512:896FF08216C43E28E7392E52A14A00FF3F803A2547208DB9A1CCCE13BBF795D95382B066F4547DB872968BA919E6F72408EEB3EDA1210799B4BBBE102240AA51
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        Preview:.PNG........IHDR.............. .i....tEXtSoftware.Adobe ImageReadyq.e<...qiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:ae4bb44b-b505-4f14-8412-82720f11ba36" xmpMM:DocumentID="xmp.did:43FF606969EB11ECAAA18C6D6755662F" xmpMM:InstanceID="xmp.iid:43FF606869EB11ECAAA18C6D6755662F" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:592a4820-c4d9-da46-87b1-b254813541e5" stRef:documentID="xmp.did:ae4bb44b-b505-4f14-8412-82720f11ba36"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.t.L..l.IDATx.T.i.$.q%.w.%..TUWUw.....C.(

                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\name_i[1].png

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
                                                                                                                                                                                        File Type:PNG image data, 18 x 19, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1847
                                                                                                                                                                                        Entropy (8bit):7.264773180870793
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:Yr1h4SHWwh82lYSKwYXHxVMT3XyJ3VKYXwG5Cc92gBqGpl2z5gm0m5V4gVgc2hMD:YRKS2vnLP2eJ3CaYGaN00/Vgc2ITsJ2
                                                                                                                                                                                        MD5:586697E49E7F954E52410178A4103557
                                                                                                                                                                                        SHA1:B2949A2210B164B28F54922A12BFC2E0253CBA1F
                                                                                                                                                                                        SHA-256:FA20D8488F516E8055E2FA73ADE4EEFC5751336FD38FBF4BE5D69E24992D09CA
                                                                                                                                                                                        SHA-512:A9DB12EBADC8A73A57F2EA90EF18EC6EED915D868FF7ACBD8ACC35A1BCB2891AA35DC491D4C9799F72C6A430F58B8F9CEC64B80509F494CE2B49FB6C1B928BBC
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        Preview:.PNG........IHDR...............].....tEXtSoftware.Adobe ImageReadyq.e<...qiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:ae4bb44b-b505-4f14-8412-82720f11ba36" xmpMM:DocumentID="xmp.did:0EA380C169EB11ECA4DDFCCF4A06524F" xmpMM:InstanceID="xmp.iid:0EA380C069EB11ECA4DDFCCF4A06524F" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:592a4820-c4d9-da46-87b1-b254813541e5" stRef:documentID="xmp.did:ae4bb44b-b505-4f14-8412-82720f11ba36"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..q....\IDATx..O..e...d._f&.d.I..u....

                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\base[1].css

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (381)
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):12960
                                                                                                                                                                                        Entropy (8bit):5.124087563339475
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:384:tmqf5sByu5Z+tJCYEU6SaeXXyHmbBFJboZ/X7t1Q:Jf6ByCYEU60XxboZP5u
                                                                                                                                                                                        MD5:D63F1A087F50D8C2CBB8EC058DB58E58
                                                                                                                                                                                        SHA1:D09D4BEFC0FF0F8BB9520B2C987F0D8048397DDD
                                                                                                                                                                                        SHA-256:95ACF4A77E69CACDF7474EE990FEBB0433FA9F036158A49E54145658354A263F
                                                                                                                                                                                        SHA-512:31C1503BB2EE4A8E32C9CF17AE103598C432E025E40F6FE5CE5DBEE37D86D9640DBACBDE60C9F04CA5AFAD19C336964550F423019ABE9E914E766969A7F4EBAF
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:/*reset*/body,button,input,select,textarea {font: 12px/1.5 "";}.sub,sup {line-height:0;}.body,h1,h2,h3,h4,h5,h6,dl,dt,dd,ul,ol,li,th,td,p,blockquote,pre,form,fieldset,legend,input,button,textarea,hr {margin:0;padding:0;}.table {border-collapse:collapse;border-spacing:0;}.li {list-style:none;}.fieldset,img {border:0;}.img {vertical-align:middle;}.input,textarea {outline-style:none;}.textarea {resize:none;}.address,caption,cite,code,dfn,em,i,th,var {font-style:normal;font-weight:normal;}.a {text-decoration:none;outline:none;}.a:hover {text-decoration:underline;}..hide {display:none;}..clearfix:after {content:".";display:block;height:0;clear:both;visibility:hidden;}..clearfix {zoom:1;}..ico_img {background:url("../images/icoimg.png") no-repeat center;}.#warpMin {background:url("../images/bj1.png") no-repeat center;display:block;width:590px;height: 480px;overflow:hidden;position:relative; background-position: 0 0;}.#warpMin.server{background-image: url("../images/bj2.png");} ...btnBox{heig

                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\bj1[1].png

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
                                                                                                                                                                                        File Type:PNG image data, 590 x 480, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):225688
                                                                                                                                                                                        Entropy (8bit):7.995458666502908
                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                        SSDEEP:6144:mFYy7m2VfDjTglp0ArKWmac2gOUkuIjpbT0qJp:AmAfDj0H6ILu2Tf
                                                                                                                                                                                        MD5:29B4BD3CF6BAC7ECC5173768A687A9EF
                                                                                                                                                                                        SHA1:7E2D9D13C4DFDD9927CAEE0DC605BB5E02BE7FB2
                                                                                                                                                                                        SHA-256:1A46429F6D0D5C1FBBFBCA449760BF8D235B52B0F4D79FCB04F550D2EEB205A7
                                                                                                                                                                                        SHA-512:16B9B64EA40E4206E979F5ECDBA5A27E473765C93B465DDB8A92EDB0CE02F0DB4C924C733E3D65A5C0E5D6E917A4A65AE689197ABB45C141314B3EA90F58DE95
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:.PNG........IHDR...N.........S.......tEXtSoftware.Adobe ImageReadyq.e<...xiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:ae4bb44b-b505-4f14-8412-82720f11ba36" xmpMM:DocumentID="xmp.did:B8F62EA369E411ECBCA3ABFF5E936D29" xmpMM:InstanceID="xmp.iid:B8F62EA269E411ECBCA3ABFF5E936D29" xmp:CreatorTool="Adobe Photoshop CC 2015.5 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:592a4820-c4d9-da46-87b1-b254813541e5" stRef:documentID="xmp.did:ae4bb44b-b505-4f14-8412-82720f11ba36"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..]..m.IDATx..i...u.v..}..~o.mV.

                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\icoimg[1].png

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
                                                                                                                                                                                        File Type:PNG image data, 357 x 339, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):77414
                                                                                                                                                                                        Entropy (8bit):7.974693973031212
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:1536:4Jtkngm7DqnIJIMHrBJiHDMwsqSYccJC5ZPeoZPBkKj8UT4:8mYIJnkjXcUJwZP5Z5vj8o4
                                                                                                                                                                                        MD5:D66D41D74741D96E9484728ACFF06ED1
                                                                                                                                                                                        SHA1:BA7A61F9E8F922DACD40035F1B68343DCF45DAE7
                                                                                                                                                                                        SHA-256:6473BA4EC43F75E3BDD3693D5FB64C7B9B59299A8B436C1B5BABFF5B0CC9A02E
                                                                                                                                                                                        SHA-512:086435AA97B6442985D1839F2B2591C4DC71C942C8F6CDCB693857141C117944C80DE8DC520BE600FB874F28A5DCA7DE4BD70611E15ED17E852B7D3DA7C7C135
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:.PNG........IHDR...e...S............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^......-.....]{..[...%.A....9.s.4.f.F.(g....`r..c..`...wm..y..=.s..z..H..K..}..\.]....>U.o5.6...g?..N.1w}...)]*.?.?.=..3C.~..i.sb.....z..q....9.S..~,.O.%..O>.d#].KIc.Ye.....2.Q..Y<.....y...^...u.}...r~..=..c..k.U>=f.....e......d.U...e.O.q..@v.c....g+.]...~..v.g?aw....c...........[..?......j.....P]T.+C........y<.s*.:W..s...\..q..l.#..p.rS....o..z...........O....04nzZ,5H.u.7t..9n\%w}.?U.`.....Z...v.T..~KXI....ksX......t..:.0.r.s.<.3.......u........U.r..q.......W..|.:.._....'....i...Mr...'>...O~.={...O..{.?..a...G....9........}.(..GE+.i.............._...i].wo.....~_>..W..WzN:....J......?.n...Ze(s.........#.h..|...{.kY..........$G..A...{..!x.t_.|...X..u.$..$W...u....O..<m..&.|....#qS........P9'....#.Hj.R~.......dq....w@~.S..O......g...l.A..~.....h5...Gr@F).'(...>.F..{[....G.R..q..|0.+..Mup.<..,..3.C<.?.\.>9.c....wW>N\.9...*..wN...S..A..}..#..

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\GH_1EBE.tmp

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe
                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with very long lines (869), with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):893
                                                                                                                                                                                        Entropy (8bit):5.574151663635437
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:2dhy5GiDCC5vqsqJi7EUX87EWhVOWpzNW+BWO5PsZR:chQDCC5vnqJUEUX87H4R
                                                                                                                                                                                        MD5:388AA031CE9226133D436591BF387A1C
                                                                                                                                                                                        SHA1:87DE6709CAFD46CA946A784DFE57811AA20CA02B
                                                                                                                                                                                        SHA-256:CF8BE59A9EB914C8248AB07BAFDD3ECC45CEC0E2206DD093673029C324D4A505
                                                                                                                                                                                        SHA-512:945A256376DBC28F8B7DC37EC36B0279D45BAEE265497FC9EFF9DCC558023880EE30E24C5433240D3926672114AFD53E3CC44C324210249CFFFD4D5AA329B8A3
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8" ?><CLIENTCONFIG><CONFIG userInfoUrl="" userInfoApi="" serverParamName="server_id=S" usermd5fmt="12114" channelNum="" configParam="" loginCheck="" pluginClsID="{1B030824-BDBC-41C8-9F7E-DE124FB14860}" pluginFileName="\plugin\GamePlugin\GamePlugin.dll" pluginProgID="AVENGER.AvengerCtrl.1" pluginUrl="" statisticsUrl="http://r.yx-s.net/b/weiduan/s/" runPlugin="" startUpUrl="" installUrl="" imClass="LCB_CLASS" quitTip="........?" infoPath="\LYGame\install.inf" pwKey="" tipClass="" pKey="" version="3" channelid="" inner_url="https://yx.3dmgame.com/yy/jz/microend" payment_url="https://yx.3dmgame.com/vip/zhifu?sign=jz" home_url="https://yx.3dmgame.com/zt/jz/" service_url="https://yx.3dmgame.com/vip/customer" shortcut_name=".." platform="3dmgame" gameCheck="login2.xfq.g.1360.com" game_title=".." gKey="xfq" /></CLIENTCONFIG>

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\GH_25D3.tmp

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with very long lines (869), with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):893
                                                                                                                                                                                        Entropy (8bit):5.574151663635437
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:2dhy5GiDCC5vqsqJi7EUX87EWhVOWpzNW+BWO5PsZR:chQDCC5vnqJUEUX87H4R
                                                                                                                                                                                        MD5:388AA031CE9226133D436591BF387A1C
                                                                                                                                                                                        SHA1:87DE6709CAFD46CA946A784DFE57811AA20CA02B
                                                                                                                                                                                        SHA-256:CF8BE59A9EB914C8248AB07BAFDD3ECC45CEC0E2206DD093673029C324D4A505
                                                                                                                                                                                        SHA-512:945A256376DBC28F8B7DC37EC36B0279D45BAEE265497FC9EFF9DCC558023880EE30E24C5433240D3926672114AFD53E3CC44C324210249CFFFD4D5AA329B8A3
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8" ?><CLIENTCONFIG><CONFIG userInfoUrl="" userInfoApi="" serverParamName="server_id=S" usermd5fmt="12114" channelNum="" configParam="" loginCheck="" pluginClsID="{1B030824-BDBC-41C8-9F7E-DE124FB14860}" pluginFileName="\plugin\GamePlugin\GamePlugin.dll" pluginProgID="AVENGER.AvengerCtrl.1" pluginUrl="" statisticsUrl="http://r.yx-s.net/b/weiduan/s/" runPlugin="" startUpUrl="" installUrl="" imClass="LCB_CLASS" quitTip="........?" infoPath="\LYGame\install.inf" pwKey="" tipClass="" pKey="" version="3" channelid="" inner_url="https://yx.3dmgame.com/yy/jz/microend" payment_url="https://yx.3dmgame.com/vip/zhifu?sign=jz" home_url="https://yx.3dmgame.com/zt/jz/" service_url="https://yx.3dmgame.com/vip/customer" shortcut_name=".." platform="3dmgame" gameCheck="login2.xfq.g.1360.com" game_title=".." gKey="xfq" /></CLIENTCONFIG>

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\GH_2789.tmp

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with very long lines (598), with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):608
                                                                                                                                                                                        Entropy (8bit):4.985104295531085
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:12:TMHdaclKKrvZOchB/nW8ujgOguYMYNWTqANi0RqlfPuA4q9mYTIvLyAvc5IS1dbP:2dYOZOqBfWtjhdYMCWT754lfPuOm2ayF
                                                                                                                                                                                        MD5:58DD64469E56CC0D7EB6EF1F9724F77D
                                                                                                                                                                                        SHA1:CE4466B6AD9C1936DAE5755E139AF95C98EC8DFF
                                                                                                                                                                                        SHA-256:A61FE5850A5FD4BB5732272B9A7C76570538B5F0C7FDE0E1E2BEA47D432F73E3
                                                                                                                                                                                        SHA-512:0AF47864ADE04449CE89C66D79002096D4BBCA194D4DADEC1459ECA209ED6A32D03C8C2BF24426C972F9BB28E9119A263DB1D0F033B63E0ECE1CC551915B0FD6
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8" ?><window id="id_main" type="out" title="" textcolor="255,255,204" left="0" top="0" width="1105" height="632" center="1" frame="BG" style="2248146944" style_ex="0" icon="" visible="1" frameCorner="10,30,20,40"><button id="id_titlemini" title="" tip="..." left="915" top="106" width="28" height="28" xAlignment="left" image="MAIN_MIN"/><button id="id_titleclose" title="" tip=".." left="942" top="100" width="34" height="33" xAlignment="left" image="MAIN_CLOSE"/><browser id="id_browser" title="" tip="" left="300" top="132" width="590" height="480" /></window>

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\GH_2807.tmp

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):236
                                                                                                                                                                                        Entropy (8bit):5.010173029765649
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:6:JiMVBdTt/LUAqKQTqDfh3XteWSByqk4gJqAF3y:MMHdRDUlKK+hntelyOgM
                                                                                                                                                                                        MD5:E704C938C51F0435357030FFE6631534
                                                                                                                                                                                        SHA1:6687FC229273C8B48393A2B1C767183440B3C027
                                                                                                                                                                                        SHA-256:C3C0F1CCC4EDD14AEED43307D1F029702D9872995133C33C97C1E572DDCA4E9B
                                                                                                                                                                                        SHA-512:10F26C96486E210033861DC8D19E26FC8A5D4BAD8DD4ABDAE7A429368401D26ABBA94696A384694F6433E6874D76E26114A656247D5DFD1777E650637961ACCB
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8" ?>.<window id="" type="out" title="" left="0" top="0" width="1" height="1" center="1" frame="MAINFRAME_BKG" style="2248146944" style_ex="0" icon="" visible="1" frameCorner="0,0,0,0"> .</window>.

                                                                                                                                                                                        C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\360Base.dll

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe
                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):905392
                                                                                                                                                                                        Entropy (8bit):6.705950699822254
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:12288:IV/A7xxQeeAZ9m8X8eFvur707QdBR5kT7ND3ubjhACHRU8g864xWvyT5S7D3+D:IVA7xtbqeFvlQdBo3syORUz8VJT5i3Y
                                                                                                                                                                                        MD5:31C498D88A2D9230EA506EBEFD3B1B10
                                                                                                                                                                                        SHA1:49D7EDD527AD14CD1E6AEAA024E22E64DB50083E
                                                                                                                                                                                        SHA-256:FCB91D95A82421524236ACF010919C6AB07CDCB150B05381ED8D932094EC0316
                                                                                                                                                                                        SHA-512:3CDB53481735D464E5D0DE3601CCF380527FEC99B2E26A59928B7F5207EB7F3183E62885A85C52B4D1CC4DFE17A49A38C6D3EA0265DE9096D920A67B431450D5
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........;]a.Z32.Z32.Z32.".2.Z32.".2.Z32..^2.Z32..H2.Z32.Z22QZ32.".2.Z32.".2.[32.".2.Z32...2.Z32.".2.Z32Rich.Z32........PE..L.....V...........!.....F...j...............`............................... ......t<....@..........................B..^....0.......`.......................p..|....c...............................................`..<............................text....D.......F.................. ..`.rdata.......`.......J..............@..@.data........P......................@....rsrc........`......................@..@.reloc.......p......................@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                        C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\Flash32_29_0_0_171.ocx

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe
                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):20248064
                                                                                                                                                                                        Entropy (8bit):7.0183225471547495
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:393216:jiWcrE+N29tz2cDhctoqfv42GhoxAq8kZ/Pnin2um6h/rhg03X1nqW4A0yd:jiWc4+N8tkv42GhoxAcs/rhtXdN42
                                                                                                                                                                                        MD5:6D6C99EDA0C81C2935883184BFF744DA
                                                                                                                                                                                        SHA1:B69BDACF7EE4FFE41EF3B04628A7412CE2FFAE3F
                                                                                                                                                                                        SHA-256:5A539C29C2E684E95C4BB79587257D85F0C0D7A3AC8B2656DAC232A47D236097
                                                                                                                                                                                        SHA-512:24693D6CC4E7E79A1C8EC5E6CA8FB6542E1C2B3F6C7D23716D1351D55EFFB1C0FC70CA5024C091E5D48B2169507769BB376805F056361048F24000C47E758B07
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                        Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......~.|.:...:...:...$...?.......9...:...$...3...(....6|.;.....O.8.....r.;....6i.....:........6.."...3.......3...{...3...8...3...;...$...;...:...9...3...;...Rich:...................PE..L....].Z...........!..........^.....Q.........................................E.....`.5...@.............................5.............0.D!............4.......9.\R..@...............................8...@............................................text............................... ..`.rodata............................. ..`.rdata...)<......*<.................@..@.data....|..........................@....rsrc...D!....0.."...~ .............@..@.reloc...6....9..8....).............@..B................................................................................................................................................................................................................

                                                                                                                                                                                        C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\GameRender.dll

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe
                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):657416
                                                                                                                                                                                        Entropy (8bit):6.481893920555872
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:12288:xV0W6tbSBDGGYVUAMmEHDTJ7GfOKKUmcThZ3xE0YRqwq:wptWBSPEv9GfOamcTv3y0kqwq
                                                                                                                                                                                        MD5:6677B51A9BCE55516A16461BD53F679B
                                                                                                                                                                                        SHA1:41BB5EA9AE26D924CFCD279CDFC38A063C3706B0
                                                                                                                                                                                        SHA-256:A34C01C6B896F76E428BACFADC3B587FC719BD37B290E4A3EE0DFD4BF4E66984
                                                                                                                                                                                        SHA-512:E76BAB1460F1D454F6E2D9F8BAFAC87FD6C515DE0825C2186DE5127CDCF3441947D3562994880550D2F615C24F513EAD0F61AD7968A1968FB53258F0A8B57BD2
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......8p.W|.e.|.e.|.e.%2v.~.e...:.}.e..^..z.e.ui..b.e.[...}.e.bC..y.e.ui....e.ui..$.e.[...l.e.[...W.e.|.d...e.ui....e.ui..}.e.bC..}.e.ui..}.e.Rich|.e.................PE..L......`...........!.....p...................................................0............@..........................,..L.......@....`...................L...`..hX..................................0v..@............................................text....o.......p.................. ..`.rdata..L............t..............@..@.data...<!...0......."..............@....rsrc........`......................@..@.reloc.......`......................@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                        C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe
                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):23828992
                                                                                                                                                                                        Entropy (8bit):7.055199014774409
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:393216:4CniWcrE+N29tz2cDhctoqfv42GhoxAq8kZ/Pnin2um6h/rhg03X1nqW4A0ySQyG:fniWc4+N8tkv42GhoxAcs/rhtXdN4wp
                                                                                                                                                                                        MD5:BFC65CE21E22544286826E26A5EC45EF
                                                                                                                                                                                        SHA1:E27DC55C11A9B10CA3966F1F7FEC14E064C7D717
                                                                                                                                                                                        SHA-256:DBEA63A5288AD81E108DB81AB75B9B78F60469FACB9FE7EF768C6A3F7710D5EB
                                                                                                                                                                                        SHA-512:9866B4573795264972ABF7C31F7056CDC17EDC4C249FBA487A0C583866991CC168ECB2E8E95C6ED2BB3F9E31BD4F485AE7264E7D555DCCCF573417B1B50FC7B3
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 3%, Browse
                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........5...T@.T@.T@..wS.T@..\..T@.2...T@.,..T@....T@.,..HT@...T@.,...T@.-.T@.;.T@.TA..V@.,...T@....T@.,..T@.Rich.T@.................PE..L...+..`......................c.....C.............@...........................k.....b.l...@.................................l...T........)_...........k......0j.....0................................)..@............................................text...0........................... ..`.rdata...|.......~..................@..@.data...X....@...f...2..............@....rsrc....)_......*_.................@..@.reloc......0j.......i.............@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                        C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe:Zone.Identifier

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe
                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):26
                                                                                                                                                                                        Entropy (8bit):3.95006375643621
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                                        MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                                                                                        C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\cfg.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe
                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                        Category:modified
                                                                                                                                                                                        Size (bytes):167
                                                                                                                                                                                        Entropy (8bit):4.818652174858166
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:3:W1M+J6gBnDrsN12FVyn5FYIvJBRPQVXToN2wgLw7UQSwkI0XNI/UcR/vXh:qM2X616VC5FYIvPwToNH7UHwW9I/Uct5
                                                                                                                                                                                        MD5:83CA3A223FF85522BB7089F88F7B10D0
                                                                                                                                                                                        SHA1:AB86A3DDA4471691C1E7292F0449AAD321CD2DC9
                                                                                                                                                                                        SHA-256:00A4A5549AC1D4675E63394991D949D21BEBEBD0BD3DC56B822BF156A1D9BC88
                                                                                                                                                                                        SHA-512:291AE1F0A23F00AEE2E333D531B6A8BB7D26C0306AF551832AAE7B90A04A43B54BD9F8EDF6114A7666F09D8FC0395C30D8657150397BAC35D4BAD94B5EFD91CD
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:[inst]..360Base.dll=bdee78cb14d5394e41e72846e169ea60..GameRender.dll=7891d82b815d71a9860d2dfca6902db0..Flash32_29_0_0_171.ocx=4836cb79d6503284721fcffcb1ed194c..suc=1..

                                                                                                                                                                                        C:\Users\user\Desktop\??.lnk

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe
                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Thu Mar 7 04:28:11 2024, mtime=Thu Mar 7 04:28:11 2024, atime=Thu Mar 7 04:28:09 2024, length=23828992, window=hideshowminimized
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):955
                                                                                                                                                                                        Entropy (8bit):5.023547118201714
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:12:8xNd4fsON+2ChUhi1Y//Vio+JLA6l5qUW2YjAjNHQzDCMJ/l5b5zsJwJzBmV:8r6k23h9Q1FLqfnAmRdZsJwJtm
                                                                                                                                                                                        MD5:42F362F9DB8499C849D58DB10F125694
                                                                                                                                                                                        SHA1:129581675B6FD273A1935B795E04521A880D402E
                                                                                                                                                                                        SHA-256:781F1609A6405C93C35B7751D4DE4655BEEE242015708D6FE7193FA8CD1CD809
                                                                                                                                                                                        SHA-512:8AC134969270BABE58B23FEDACB5D41C2081B0FA15CC3C59CDA47027166385CE695B8FD7F8C349B531362364737CD9C6323C97C4E5B7BF6BFE654E99F02919B7
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:L..................F.... ...2..?Pp.....?Pp.....=Pp....k.......................:..DG..Yr?.D..U..k0.&...&......Qg.*_....J!:Pp....u?Pp......t...CFSF..1.....EW.=..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW.=gX.+..........................3*N.A.p.p.D.a.t.a...B.V.1.....gX.+..Roaming.@......EW.=gX.+...........................%f.R.o.a.m.i.n.g.....l.1.....gX.+..WANWD-~1..T......gX.+gX.+....)......................%f.W.a.n.W.D.-.x.f.q.-.3.d.m.g.a.m.e.....j.2...k.gX.+ .MINICL~1.EXE..N......gX.+gX.+..............................M.i.n.i.C.l.i.e.n.t...e.x.e.......r...............-.......q...........2m./.....C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe..3.....\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.W.a.n.W.D.-.x.f.q.-.3.d.m.g.a.m.e.\.M.i.n.i.C.l.i.e.n.t...e.x.e.`.......X.......390120...........hT..CrF.f4... ..../Tc...,......hT..CrF.f4... ..../Tc...,......E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................

                                                                                                                                                                                        Static File Info

                                                                                                                                                                                        General

                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                        Entropy (8bit):7.055199014774409
                                                                                                                                                                                        TrID:
                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 96.88%
                                                                                                                                                                                        • DirectShow filter (201580/2) 1.95%
                                                                                                                                                                                        • Windows ActiveX control (116523/4) 1.13%
                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                        File name:SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe
                                                                                                                                                                                        File size:23'828'992 bytes
                                                                                                                                                                                        MD5:bfc65ce21e22544286826e26a5ec45ef
                                                                                                                                                                                        SHA1:e27dc55c11a9b10ca3966f1f7fec14e064c7d717
                                                                                                                                                                                        SHA256:dbea63a5288ad81e108db81ab75b9b78f60469facb9fe7ef768c6a3f7710d5eb
                                                                                                                                                                                        SHA512:9866b4573795264972abf7c31f7056cdc17edc4c249fba487a0c583866991cc168ecb2e8e95c6ed2bb3f9e31bd4f485ae7264e7d555dcccf573417b1b50fc7b3
                                                                                                                                                                                        SSDEEP:393216:4CniWcrE+N29tz2cDhctoqfv42GhoxAq8kZ/Pnin2um6h/rhg03X1nqW4A0ySQyG:fniWc4+N8tkv42GhoxAcs/rhtXdN4wp
                                                                                                                                                                                        TLSH:6337D033E7C3C072D59B20F9843AD72E5578A621072048C7A7C46D6A6A75BD37A3D28F
                                                                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........5...T@..T@..T@..wS..T@..\...T@.2....T@..,...T@......T@..,..HT@......T@..,...T@...-..T@...;..T@..TA..V@..,...T@......T@..,...T@

                                                                                                                                                                                        File Icon

                                                                                                                                                                                        Icon Hash:d949cd4c6c594cc8

                                                                                                                                                                                        Static PE Info

                                                                                                                                                                                        General

                                                                                                                                                                                        Entrypoint:0x45c443
                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                        Digitally signed:true
                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                        Time Stamp:0x60ECFA2B [Tue Jul 13 02:27:55 2021 UTC]
                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                        OS Version Major:5
                                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                                        File Version Major:5
                                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                                        Subsystem Version Major:5
                                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                                        Import Hash:b7dba4f93f0e91e2e7524d2d9ca27a55

                                                                                                                                                                                        Authenticode Signature

                                                                                                                                                                                        Signature Valid:true
                                                                                                                                                                                        Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                                                                                        Signature Validation Error:The operation completed successfully
                                                                                                                                                                                        Error Number:0
                                                                                                                                                                                        Not Before, Not After
                                                                                                                                                                                        • 30/12/2021 01:00:00 05/01/2023 00:59:59
                                                                                                                                                                                        Subject Chain
                                                                                                                                                                                        • CN=\u6210\u90fd\u5149\u7130\u4e92\u5a31\u79d1\u6280\u6709\u9650\u8d23\u4efb\u516c\u53f8, O=\u6210\u90fd\u5149\u7130\u4e92\u5a31\u79d1\u6280\u6709\u9650\u8d23\u4efb\u516c\u53f8, L=\u6210\u90fd\u5e02, S=\u56db\u5ddd\u7701, C=CN
                                                                                                                                                                                        Version:3
                                                                                                                                                                                        Thumbprint MD5:4CF85ED9D6665169DB6EF4ECD1ABEDCB
                                                                                                                                                                                        Thumbprint SHA-1:B30F763DBAA83EE248B57841710991CA0E6E94E9
                                                                                                                                                                                        Thumbprint SHA-256:5B676715451D3BBFE1660178D5C38A9D8EA5A81E2FB12F24E65F5EB3ACA5792B
                                                                                                                                                                                        Serial:07F2664C6E021C5280AAC146A0F88ABA

                                                                                                                                                                                        Entrypoint Preview

                                                                                                                                                                                        Instruction
                                                                                                                                                                                        call 00007F0B70F74CD1h
                                                                                                                                                                                        jmp 00007F0B70F663EEh
                                                                                                                                                                                        int3
                                                                                                                                                                                        int3
                                                                                                                                                                                        int3
                                                                                                                                                                                        mov edx, dword ptr [esp+0Ch]
                                                                                                                                                                                        mov ecx, dword ptr [esp+04h]
                                                                                                                                                                                        test edx, edx
                                                                                                                                                                                        je 00007F0B70F665DBh
                                                                                                                                                                                        xor eax, eax
                                                                                                                                                                                        mov al, byte ptr [esp+08h]
                                                                                                                                                                                        test al, al
                                                                                                                                                                                        jne 00007F0B70F66588h
                                                                                                                                                                                        cmp edx, 00000100h
                                                                                                                                                                                        jc 00007F0B70F66580h
                                                                                                                                                                                        cmp dword ptr [004AE3F8h], 00000000h
                                                                                                                                                                                        je 00007F0B70F66577h
                                                                                                                                                                                        jmp 00007F0B70F74D8Ah
                                                                                                                                                                                        push edi
                                                                                                                                                                                        mov edi, ecx
                                                                                                                                                                                        cmp edx, 04h
                                                                                                                                                                                        jc 00007F0B70F665A3h
                                                                                                                                                                                        neg ecx
                                                                                                                                                                                        and ecx, 03h
                                                                                                                                                                                        je 00007F0B70F6657Eh
                                                                                                                                                                                        sub edx, ecx
                                                                                                                                                                                        mov byte ptr [edi], al
                                                                                                                                                                                        add edi, 01h
                                                                                                                                                                                        sub ecx, 01h
                                                                                                                                                                                        jne 00007F0B70F66568h
                                                                                                                                                                                        mov ecx, eax
                                                                                                                                                                                        shl eax, 08h
                                                                                                                                                                                        add eax, ecx
                                                                                                                                                                                        mov ecx, eax
                                                                                                                                                                                        shl eax, 10h
                                                                                                                                                                                        add eax, ecx
                                                                                                                                                                                        mov ecx, edx
                                                                                                                                                                                        and edx, 03h
                                                                                                                                                                                        shr ecx, 02h
                                                                                                                                                                                        je 00007F0B70F66578h
                                                                                                                                                                                        rep stosd
                                                                                                                                                                                        test edx, edx
                                                                                                                                                                                        je 00007F0B70F6657Ch
                                                                                                                                                                                        mov byte ptr [edi], al
                                                                                                                                                                                        add edi, 01h
                                                                                                                                                                                        sub edx, 01h
                                                                                                                                                                                        jne 00007F0B70F66568h
                                                                                                                                                                                        mov eax, dword ptr [esp+08h]
                                                                                                                                                                                        pop edi
                                                                                                                                                                                        ret
                                                                                                                                                                                        mov eax, dword ptr [esp+04h]
                                                                                                                                                                                        ret
                                                                                                                                                                                        int3
                                                                                                                                                                                        int3
                                                                                                                                                                                        push 0045C530h
                                                                                                                                                                                        push dword ptr fs:[00000000h]
                                                                                                                                                                                        mov eax, dword ptr [esp+10h]
                                                                                                                                                                                        mov dword ptr [esp+10h], ebp
                                                                                                                                                                                        lea ebp, dword ptr [esp+10h]
                                                                                                                                                                                        sub esp, eax
                                                                                                                                                                                        push ebx
                                                                                                                                                                                        push esi
                                                                                                                                                                                        push edi
                                                                                                                                                                                        mov eax, dword ptr [004A4168h]
                                                                                                                                                                                        xor dword ptr [ebp-04h], eax
                                                                                                                                                                                        xor eax, ebp
                                                                                                                                                                                        push eax
                                                                                                                                                                                        mov dword ptr [ebp-18h], esp
                                                                                                                                                                                        push dword ptr [ebp-08h]
                                                                                                                                                                                        mov eax, dword ptr [ebp-04h]
                                                                                                                                                                                        mov dword ptr [ebp-04h], FFFFFFFEh
                                                                                                                                                                                        mov dword ptr [ebp-08h], eax
                                                                                                                                                                                        lea eax, dword ptr [ebp-10h]

                                                                                                                                                                                        Rich Headers

                                                                                                                                                                                        Programming Language:
                                                                                                                                                                                        • [ASM] VS2008 SP1 build 30729
                                                                                                                                                                                        • [C++] VS2008 build 21022
                                                                                                                                                                                        • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                                        • [C++] VS2005 build 50727
                                                                                                                                                                                        • [C++] VS2008 SP1 build 30729
                                                                                                                                                                                        • [ C ] VS2005 build 50727
                                                                                                                                                                                        • [IMP] VS2005 build 50727
                                                                                                                                                                                        • [RES] VS2008 build 21022
                                                                                                                                                                                        • [LNK] VS2008 SP1 build 30729

                                                                                                                                                                                        Data Directories

                                                                                                                                                                                        NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0xa146c0x154.rdata
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0xb00000x15f29b8.rsrc
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x16b82000x1800.reloc
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x16a30000xa1a4.reloc
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x7c8300x1c.rdata
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x929180x40.rdata
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_IAT0x7c0000x710.rdata
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                        Sections

                                                                                                                                                                                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                        .text0x10000x7ae300x7b00052e82b3ff2f6d326894aa38024afed4fFalse0.5351026581554879data6.62547588712268IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                        .rdata0x7c0000x27c1a0x27e001df513b6a22643979fdff6ab61384a4aFalse0.3475644102664577data5.168515091652843IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                        .data0xa40000xb5580x6600bc80250bf666d2e60e3dc66e36cf899bFalse0.22905177696078433data3.991528807934014IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                        .rsrc0xb00000x15f29b80x15f2a00e1c7c13ac6df315b8b536d7940220fb6unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                        .reloc0x16a30000x1bfd60x1c00061ad87c0f0c983437c78b9551585bcd7False0.19188581194196427data3.2193320153915796IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                                        Resources

                                                                                                                                                                                        NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                        DATA0xb147c0x78bGeneric INItialization configuration [CLSID]ChineseChina0.35680994303469704
                                                                                                                                                                                        DATA0xb1c080xdd0b0PE32 executable (DLL) (GUI) Intel 80386, for MS WindowsChineseChina0.4729929135667203
                                                                                                                                                                                        DATA0x18ecb80x134f600PE32 executable (DLL) (GUI) Intel 80386, for MS WindowsChineseChina0.5654478073120117
                                                                                                                                                                                        DATA0x14de2b80xa0808PE32 executable (DLL) (GUI) Intel 80386, for MS WindowsChineseChina0.5210718935955316
                                                                                                                                                                                        XML0x157eac00x37dXML 1.0 document, Unicode text, UTF-8 text, with very long lines (869), with no line terminatorsChineseChina0.6136618141097424
                                                                                                                                                                                        XML0x157ee400x2bcXML 1.0 document, Unicode text, UTF-8 (with BOM) textChineseChina0.5928571428571429
                                                                                                                                                                                        XML0x157f0fc0xecXML 1.0 document, Unicode text, UTF-8 (with BOM) textChineseChina0.8050847457627118
                                                                                                                                                                                        XML0x157f1e80x3ebXML 1.0 document, Unicode text, UTF-8 (with BOM) textChineseChina0.4057826520438684
                                                                                                                                                                                        XML0x157f5d40x260XML 1.0 document, Unicode text, UTF-8 text, with very long lines (598), with no line terminatorsChineseChina0.5789473684210527
                                                                                                                                                                                        XML0x157f8340x5ccXML 1.0 document, Unicode text, UTF-8 (with BOM) textChineseChina0.33423180592991913
                                                                                                                                                                                        XML0x157fe000x852XML 1.0 document, Unicode text, UTF-8 (with BOM) textChineseChina0.3572769953051643
                                                                                                                                                                                        XML0x15806540xd66XML 1.0 document, Unicode text, UTF-8 textChineseChina0.2664723032069971
                                                                                                                                                                                        RT_ICON0x15813bc0x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600ChineseChina0.799688796680498
                                                                                                                                                                                        RT_ICON0x15839640x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224ChineseChina0.8393527204502814
                                                                                                                                                                                        RT_ICON0x1584a0c0x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088ChineseChina0.8661347517730497
                                                                                                                                                                                        RT_STRING0x1584e740x10edataChineseChina0.5925925925925926
                                                                                                                                                                                        RT_GROUP_ICON0x1584f840x22dataChineseChina1.0
                                                                                                                                                                                        RT_VERSION0x1584fa80x2fcdataChineseChina0.5222513089005235
                                                                                                                                                                                        RT_MANIFEST0x15852a40x26eASCII text, with CRLF line terminatorsEnglishUnited States0.5176848874598071
                                                                                                                                                                                        None0x15855140xe8cb6PNG image data, 1105 x 632, 8-bit/color RGBA, non-interlacedChineseChina0.9998154219182277
                                                                                                                                                                                        None0x166e1cc0x2416PNG image data, 293 x 192, 8-bit/color RGBA, non-interlacedChineseChina0.9910153712924875
                                                                                                                                                                                        None0x16705e40x11bfPNG image data, 252 x 22, 8-bit/color RGBA, non-interlacedChineseChina0.9940567906669602
                                                                                                                                                                                        None0x16717a40x707PNG image data, 180 x 22, 8-bit/color RGBA, non-interlacedChineseChina1.0038910505836576
                                                                                                                                                                                        None0x1671eac0x1ccPNG image data, 80 x 20, 8-bit colormap, non-interlacedChineseChina1.0239130434782608
                                                                                                                                                                                        None0x16720780x301PNG image data, 80 x 20, 8-bit/color RGBA, non-interlacedChineseChina1.0039011703511054
                                                                                                                                                                                        None0x167237c0x223PNG image data, 80 x 20, 8-bit/color RGBA, non-interlacedChineseChina0.9853747714808044
                                                                                                                                                                                        None0x16725a00x381PNG image data, 80 x 20, 8-bit/color RGBA, non-interlacedChineseChina1.0100334448160535
                                                                                                                                                                                        None0x16729240xb52PNG image data, 180 x 22, 8-bit/color RGBA, non-interlacedChineseChina1.0006901311249137
                                                                                                                                                                                        None0x16734780x106aPNG image data, 196 x 22, 8-bit/color RGBA, non-interlacedChineseChina1.0026178010471205
                                                                                                                                                                                        None0x16744e40xbb6PNG image data, 168 x 22, 8-bit/color RGBA, non-interlacedChineseChina1.0036691127418278
                                                                                                                                                                                        None0x167509c0xc1ePNG image data, 180 x 22, 8-bit/color RGBA, non-interlacedChineseChina1.0025789813023855
                                                                                                                                                                                        None0x1675cbc0x1c82PNG image data, 260 x 25, 8-bit/color RGBA, non-interlacedChineseChina1.0015072622636338
                                                                                                                                                                                        None0x16779400x9c9PNG image data, 184 x 22, 8-bit/color RGBA, non-interlacedChineseChina1.0015968063872256
                                                                                                                                                                                        None0x167830c0x9cePNG image data, 184 x 22, 8-bit/color RGBA, non-interlacedChineseChina1.0043824701195219
                                                                                                                                                                                        None0x1678cdc0xf43PNG image data, 52 x 13, 8-bit/color RGBA, non-interlacedChineseChina1.002815459431789
                                                                                                                                                                                        None0x1679c200x9d2PNG image data, 344 x 16, 8-bit/color RGBA, non-interlacedChineseChina1.0031821797931584
                                                                                                                                                                                        None0x167a5f40x4a9PNG image data, 99 x 71, 8-bit/color RGB, interlacedChineseChina0.6865046102263203
                                                                                                                                                                                        None0x167aaa00x3afPNG image data, 22 x 22, 8-bit/color RGB, non-interlacedChineseChina0.6267232237539767
                                                                                                                                                                                        None0x167ae500xb59PNG image data, 99 x 71, 8-bit/color RGBA, non-interlacedChineseChina0.9955249569707401
                                                                                                                                                                                        None0x167b9ac0xc1aPNG image data, 96 x 24, 8-bit/color RGB, non-interlacedChineseChina1.0035506778566818
                                                                                                                                                                                        None0x167c5c80x271PNG image data, 35 x 35, 8-bit colormap, non-interlacedChineseChina0.8816
                                                                                                                                                                                        None0x167c83c0xb98PNG image data, 18 x 18, 8-bit/color RGBA, non-interlacedChineseChina1.0037061994609164
                                                                                                                                                                                        None0x167d3d40xd61PNG image data, 18 x 18, 8-bit/color RGBA, non-interlacedChineseChina1.0032116788321168
                                                                                                                                                                                        None0x167e1380xccdPNG image data, 18 x 18, 8-bit/color RGBA, non-interlacedChineseChina1.0033567287152885
                                                                                                                                                                                        None0x167ee080x1dd6PNG image data, 440 x 417, 8-bit/color RGBA, non-interlacedChineseChina0.8114689709347996
                                                                                                                                                                                        None0x1680be00x242ePNG image data, 136 x 33, 8-bit/color RGBA, non-interlacedChineseChina1.001187648456057
                                                                                                                                                                                        None0x16830100x1706PNG image data, 112 x 27, 8-bit/color RGBA, non-interlacedChineseChina1.001866304716661
                                                                                                                                                                                        None0x16847180xe1fPNG image data, 69 x 42, 8-bit/color RGBA, non-interlacedChineseChina1.003042876901798
                                                                                                                                                                                        None0x16855380xb0fPNG image data, 35 x 35, 8-bit/color RGBA, non-interlacedChineseChina1.003885552808195
                                                                                                                                                                                        None0x16860480xe14PNG image data, 69 x 36, 8-bit/color RGBA, non-interlacedChineseChina1.0030521642619312
                                                                                                                                                                                        None0x1686e5c0xb0cPNG image data, 40 x 24, 8-bit/color RGBA, non-interlacedChineseChina1.0038896746817538
                                                                                                                                                                                        None0x16879680xb3dPNG image data, 40 x 24, 8-bit/color RGBA, non-interlacedChineseChina1.0038234271810915
                                                                                                                                                                                        None0x16884a80xb77PNG image data, 40 x 24, 8-bit/color RGBA, non-interlacedChineseChina1.003747870528109
                                                                                                                                                                                        None0x16890200xb54PNG image data, 40 x 24, 8-bit/color RGBA, non-interlacedChineseChina1.0037931034482759
                                                                                                                                                                                        None0x1689b740xaebPNG image data, 6 x 1, 8-bit/color RGBA, non-interlacedChineseChina1.0039355992844365
                                                                                                                                                                                        None0x168a6600x52aPNG image data, 104 x 26, 8-bit colormap, non-interlacedChineseChina0.867624810892587
                                                                                                                                                                                        None0x168ab8c0x57PNG image data, 2 x 24, 1-bit colormap, non-interlacedChineseChina1.0229885057471264
                                                                                                                                                                                        None0x168abe40x1ca1PNG image data, 642 x 162, 8-bit/color RGBA, interlacedChineseChina0.9235912129894938
                                                                                                                                                                                        None0x168c8880x121dPNG image data, 80 x 20, 8-bit/color RGBA, interlacedChineseChina0.9428509812378693
                                                                                                                                                                                        None0x168daa80x3610PNG image data, 408 x 66, 8-bit/color RGBA, interlacedChineseChina0.9815751445086706
                                                                                                                                                                                        None0x16910b80x3b1ePNG image data, 408 x 66, 8-bit/color RGBA, interlacedChineseChina0.9825558345447337
                                                                                                                                                                                        None0x1694bd80x41fPNG image data, 460 x 4, 8-bit/color RGB, interlacedChineseChina0.6483412322274882
                                                                                                                                                                                        None0x1694ff80x115fPNG image data, 577 x 130, 8-bit/color RGBA, interlacedChineseChina0.8799190465482347
                                                                                                                                                                                        None0x16961580xe10PNG image data, 34 x 34, 8-bit/color RGBA, interlacedChineseChina0.9275
                                                                                                                                                                                        None0x1696f680x41fPNG image data, 460 x 4, 8-bit/color RGB, interlacedChineseChina0.6511848341232227
                                                                                                                                                                                        None0x16973880x51bPNG image data, 164 x 18, 8-bit/color RGBA, interlacedChineseChina0.7513389441469013
                                                                                                                                                                                        None0x16978a40x48c1PNG image data, 325 x 38, 8-bit/color RGBA, interlacedChineseChina0.9872214765100671
                                                                                                                                                                                        None0x169c1680x64f6PNG image data, 498 x 38, 8-bit/color RGBA, interlacedChineseChina0.9905594676158787
                                                                                                                                                                                        None0x16a26600x145PNG image data, 116 x 36, 4-bit colormap, non-interlacedChineseChina1.0338461538461539
                                                                                                                                                                                        None0x16a27a80x210PNG image data, 116 x 36, 4-bit colormap, non-interlacedChineseChina1.0208333333333333

                                                                                                                                                                                        Imports

                                                                                                                                                                                        DLLImport
                                                                                                                                                                                        KERNEL32.dllCreateThread, SetCurrentDirectoryW, VirtualFreeEx, ReadProcessMemory, VirtualAllocEx, DuplicateHandle, GetCurrentProcessId, WriteProcessMemory, OutputDebugStringW, GlobalAlloc, MulDiv, lstrcmpW, GlobalFree, ExitProcess, HeapAlloc, MoveFileExW, HeapFree, GetProcessHeap, GetSystemTimeAsFileTime, GetModuleHandleA, CreateFileA, CreateProcessA, LoadLibraryA, CreateFileMappingA, ReleaseMutex, SetFilePointer, GetFileType, MoveFileW, ResumeThread, SuspendThread, CreateEventW, DeleteAtom, FindAtomW, AddAtomW, GetAtomNameW, SetEndOfFile, GetLocaleInfoW, WriteConsoleW, SetThreadAffinityMask, WriteConsoleA, GetStringTypeW, GetStringTypeA, IsValidLocale, EnumSystemLocalesA, GetLocaleInfoA, GetUserDefaultLCID, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, FlushFileBuffers, InitializeCriticalSectionAndSpinCount, GetConsoleMode, GetConsoleCP, GetStartupInfoA, SetHandleCount, SetStdHandle, GetStdHandle, HeapCreate, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, IsValidCodePage, GetOEMCP, GetACP, GetCPInfo, LCMapStringW, LCMapStringA, RtlUnwind, GetStartupInfoW, GetFileAttributesW, ExitThread, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, InterlockedExchange, VirtualAlloc, VirtualFree, IsProcessorFeaturePresent, InterlockedCompareExchange, HeapSize, HeapReAlloc, HeapDestroy, OpenFileMappingW, CreateFileMappingW, SetLastError, FlushInstructionCache, Sleep, GetCurrentThread, QueryPerformanceCounter, UnmapViewOfFile, MapViewOfFile, GetPrivateProfileIntW, SetThreadPriority, TerminateThread, SetEvent, WaitForSingleObject, CreateMutexW, CloseHandle, OpenProcess, GetCurrentProcess, CreateProcessW, GetCurrentThreadId, DeleteCriticalSection, lstrcmpiW, EnterCriticalSection, RaiseException, LeaveCriticalSection, InitializeCriticalSection, InterlockedDecrement, InterlockedIncrement, LoadLibraryExW, FreeLibrary, LockResource, GetProcAddress, GetLastError, FindResourceExW, lstrlenW, MultiByteToWideChar, GetModuleFileNameW, SizeofResource, LoadLibraryW, WideCharToMultiByte, GetModuleHandleW, CreateDirectoryW, LoadResource, FindResourceW, WritePrivateProfileStringW, GetTickCount, GetModuleFileNameA, SetFileAttributesW, LocalFree, DeleteFileW, RemoveDirectoryW, GetTempPathW, GlobalUnlock, CreateFileW, ReadFile, TerminateProcess, GetVersionExW, CopyFileW, WriteFile, GetPrivateProfileStringW, GlobalLock, GlobalSize, lstrlenA, FreeResource, GetConsoleOutputCP, GetTempFileNameW
                                                                                                                                                                                        USER32.dllGetKeyboardLayout, RegisterHotKey, UnregisterHotKey, LoadIconW, ShowWindowAsync, UnhookWindowsHookEx, MapVirtualKeyExW, GetKeyNameTextW, SetActiveWindow, SetWindowLongW, IsWindow, CreateWindowExW, SendMessageW, SetWindowsHookExW, ClientToScreen, MonitorFromPoint, MessageBoxW, GetSystemMetrics, GetMonitorInfoW, CopyRect, MsgWaitForMultipleObjects, TranslateMessage, PeekMessageW, DispatchMessageW, GetWindowThreadProcessId, UnregisterClassA, DestroyWindow, CharNextW, DefWindowProcW, EndPaint, AnimateWindow, SetForegroundWindow, DrawIconEx, IsZoomed, KillTimer, DrawTextW, SetCapture, LoadImageW, FillRect, GetWindowLongW, RegisterClassExW, PostMessageW, GetMessageW, CallWindowProcW, SetPropW, GetClassInfoExW, LoadCursorW, RegisterWindowMessageW, PostQuitMessage, SetParent, GetParent, GetFocus, GetKeyState, IsWindowVisible, ShowWindow, GetClientRect, IsRectEmpty, MoveWindow, GetWindow, GetMessagePos, EnumDisplaySettingsW, SetWindowTextW, GetCaretBlinkTime, EnableWindow, UpdateWindow, MapWindowPoints, SwitchToThisWindow, RegisterClipboardFormatW, SetCaretPos, ReleaseCapture, CreateCaret, GetCursorPos, SetWindowPos, GetSysColor, RedrawWindow, MonitorFromWindow, ReleaseDC, SetClassLongW, SystemParametersInfoW, GetWindowTextW, BringWindowToTop, InvalidateRect, UnionRect, IntersectRect, SetRect, GetAsyncKeyState, OffsetRect, GetWindowRect, ScreenToClient, HideCaret, SetTimer, SetWindowRgn, UpdateLayeredWindow, TrackMouseEvent, AttachThreadInput, SubtractRect, DrawIcon, SetFocus, BeginPaint, PtInRect, GetIconInfo, GetDC, GetForegroundWindow, GetClassNameW, CallNextHookEx, IsChild, GetWindowTextLengthW, RemovePropW, SetCursor
                                                                                                                                                                                        GDI32.dllGetObjectW, SetStretchBltMode, CreateRoundRectRgn, CreateRectRgn, CreatePen, RoundRect, GetObjectA, GetStockObject, CreateSolidBrush, DeleteDC, CreateDCW, SelectObject, CreateCompatibleDC, CreateCompatibleBitmap, GetTextExtentPoint32W, SetBitmapBits, MoveToEx, GetBitmapBits, CreateFontW, Rectangle, CombineRgn, DeleteObject, SetBkMode, GetDIBits, StretchBlt, GetDeviceCaps, CreateFontIndirectW, CreateDIBSection, SetTextColor, BitBlt, SetViewportOrgEx, LineTo
                                                                                                                                                                                        ADVAPI32.dllRegEnumKeyExW, RegQueryValueExW, RegOpenKeyW, RegEnumValueW, RegOpenKeyExW, RegCloseKey, RegSetValueExW, RegCreateKeyExW, RegQueryInfoKeyW, RegDeleteKeyW, RegDeleteValueW, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges
                                                                                                                                                                                        SHELL32.dllSHGetFolderPathA, SHGetFolderPathW, ShellExecuteA, ShellExecuteW, SHGetSpecialFolderPathW, SHGetSpecialFolderLocation, SHGetMalloc, SHGetPathFromIDListW, CommandLineToArgvW
                                                                                                                                                                                        ole32.dllOleCreate, OleUninitialize, OleInitialize, OleSetContainedObject, CoMarshalInterface, GetHGlobalFromStream, CreateStreamOnHGlobal, CoTaskMemAlloc, CoTaskMemFree, CoInitialize, CoTaskMemRealloc, CoUninitialize, CoCreateInstance
                                                                                                                                                                                        OLEAUT32.dllVariantCopy, SysAllocStringLen, VariantInit, VariantClear, SysAllocString, VarUI4FromStr, SysFreeString
                                                                                                                                                                                        SHLWAPI.dllPathMatchSpecW, StrTrimW, SHDeleteKeyW, PathFindExtensionW, StrDupW, SHRegGetPathW, SHDeleteValueW, StrCpyNW, SHSetValueW, PathCombineW, PathIsRootW, PathAddBackslashW, PathIsDirectoryW, PathAppendW, SHGetValueW, PathFileExistsW, PathRemoveFileSpecW, PathFindFileNameW
                                                                                                                                                                                        gdiplus.dllGdipCreateTexture2I, GdiplusStartup, GdipDeleteStringFormat, GdipCreatePen1, GdipDrawRectangleI, GdipCreateFontFromDC, GdipReleaseDC, GdipGetImageWidth, GdipCreatePath, GdipSetStringFormatTrimming, GdipCreateStringFormat, GdipDrawLineI, GdipCloneImage, GdipFillRectangleI, GdipBitmapLockBits, GdipFillPath, GdipSaveImageToFile, GdipCreateFromHDC, GdipCreateHBITMAPFromBitmap, GdipDrawString, GdipGetImageEncoders, GdipCreateImageAttributes, GdipClonePath, GdipCreateBitmapFromHBITMAP, GdipCreateBitmapFromFile, GdipDisposeImage, GdipSetImageAttributesColorKeys, GdipGetImageEncodersSize, GdipAlloc, GdipDisposeImageAttributes, GdipCreateSolidFill, GdipAddPathArcI, GdipBitmapUnlockBits, GdipAddPathLineI, GdipSetStringFormatAlign, GdipDrawImageRectI, GdipDeleteGraphics, GdipCreateBitmapFromScan0, GdipDeleteFont, GdipDrawPath, GdipSetTextRenderingHint, GdipCreateBitmapFromStream, GdipSetStringFormatLineAlign, GdipMeasureString, GdipTranslateTextureTransform, GdipDrawImageRectRectI, GdipGetImageHeight, GdipCreateFontFromLogfontA, GdipCloneBrush, GdipDeletePen, GdipFree, GdipDeleteBrush, GdipSetStringFormatFlags, GdiplusShutdown, GdipDeletePath
                                                                                                                                                                                        COMCTL32.dllImageList_ReplaceIcon, ImageList_Remove, ImageList_GetImageCount, ImageList_GetIcon, ImageList_Create, ImageList_Draw, ImageList_Destroy, InitCommonControlsEx
                                                                                                                                                                                        MSIMG32.dllTransparentBlt, AlphaBlend
                                                                                                                                                                                        VERSION.dllVerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW
                                                                                                                                                                                        RICHED20.dll
                                                                                                                                                                                        WINMM.dlltimeGetTime
                                                                                                                                                                                        PSAPI.DLLGetModuleFileNameExW, EnumProcessModules, EnumProcesses
                                                                                                                                                                                        WININET.dllInternetGetCookieExW, GetUrlCacheEntryInfoA, GetUrlCacheEntryInfoW, InternetSetOptionA, InternetSetOptionExW, InternetSetOptionExA, InternetCloseHandle, InternetOpenA, HttpQueryInfoW, InternetSetOptionW, InternetReadFile, InternetOpenUrlW

                                                                                                                                                                                        Possible Origin

                                                                                                                                                                                        Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                        ChineseChina
                                                                                                                                                                                        EnglishUnited States

                                                                                                                                                                                        Network Behavior

                                                                                                                                                                                        Network Port Distribution

                                                                                                                                                                                        TCP Packets

                                                                                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                        Mar 7, 2024 06:28:16.249558926 CET49708443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:16.249649048 CET44349708183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:16.249753952 CET49708443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:16.292818069 CET49708443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:16.292865038 CET44349708183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:17.309312105 CET44349708183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:17.309530973 CET49708443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:17.389517069 CET49708443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:17.389601946 CET44349708183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:17.390139103 CET44349708183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:17.390208960 CET49708443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:17.407705069 CET49708443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:17.452230930 CET44349708183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:17.784339905 CET44349708183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:17.784425020 CET44349708183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:17.784557104 CET49708443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:17.784557104 CET49708443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:17.784588099 CET44349708183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:17.784701109 CET49708443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:17.789326906 CET49708443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:17.789371967 CET44349708183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:17.840224028 CET49710443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:17.840236902 CET49709443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:17.840265989 CET44349710183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:17.840270042 CET44349709183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:17.840337992 CET49710443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:17.840338945 CET49709443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:17.841342926 CET49709443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:17.841360092 CET44349709183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:17.842216015 CET49710443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:17.842233896 CET44349710183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:18.865694046 CET44349709183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:18.865765095 CET49709443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:18.866451025 CET49709443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:18.866460085 CET44349709183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:18.866722107 CET49709443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:18.866728067 CET44349709183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:18.967278004 CET44349710183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:18.967350006 CET49710443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:18.967730045 CET49710443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:18.967739105 CET44349710183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:18.967983961 CET49710443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:18.967989922 CET44349710183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:19.207524061 CET44349709183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:19.207546949 CET44349709183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:19.207580090 CET44349709183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:19.207611084 CET44349709183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:19.207617998 CET49709443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:19.207667112 CET49709443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:19.207681894 CET49709443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:19.208873034 CET49709443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:19.208895922 CET44349709183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:19.210306883 CET49711443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:19.210336924 CET44349711183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:19.210417032 CET49711443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:19.212416887 CET49711443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:19.212435007 CET44349711183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:19.705144882 CET44349710183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:19.705207109 CET44349710183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:19.705249071 CET49710443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:19.705269098 CET44349710183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:19.705292940 CET49710443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:19.705322027 CET44349710183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:19.705359936 CET49710443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:19.705383062 CET49710443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:19.705882072 CET44349710183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:19.705931902 CET44349710183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:19.705955029 CET49710443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:19.705962896 CET44349710183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:19.705997944 CET49710443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:19.706011057 CET49710443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:20.073797941 CET44349710183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:20.073834896 CET44349710183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:20.073883057 CET44349710183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:20.073884010 CET49710443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:20.073915958 CET49710443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:20.073925018 CET44349710183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:20.073941946 CET49710443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:20.073966980 CET49710443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:20.075028896 CET44349710183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:20.075073957 CET44349710183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:20.075098991 CET49710443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:20.075105906 CET44349710183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:20.075136900 CET49710443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:20.075155020 CET49710443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:20.075923920 CET44349710183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:20.075974941 CET44349710183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:20.076009035 CET49710443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:20.076015949 CET44349710183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:20.076039076 CET49710443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:20.076056957 CET49710443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:20.235769033 CET44349711183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:20.235964060 CET49711443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:20.236531973 CET49711443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:20.236547947 CET44349711183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:20.236814976 CET49711443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:20.236824036 CET44349711183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:20.443000078 CET44349710183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:20.443037987 CET44349710183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:20.443078041 CET44349710183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:20.443085909 CET49710443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:20.443120956 CET49710443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:20.443133116 CET44349710183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:20.443171978 CET49710443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:20.443229914 CET44349710183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:20.443276882 CET49710443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:20.443414927 CET49710443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:20.443434000 CET44349710183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:20.444564104 CET49712443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:20.444592953 CET44349712183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:20.444655895 CET49712443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:20.445564032 CET49712443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:20.445576906 CET44349712183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:20.576453924 CET44349711183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:20.576474905 CET44349711183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:20.576508999 CET49711443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:20.576519012 CET44349711183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:20.576543093 CET44349711183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:20.576560020 CET44349711183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:20.576560974 CET49711443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:20.576587915 CET49711443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:20.576611996 CET49711443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:20.578151941 CET49711443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:20.578185081 CET44349711183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:20.579345942 CET49713443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:20.579426050 CET44349713183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:20.579514980 CET49713443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:20.580454111 CET49713443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:20.580488920 CET44349713183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:21.455182076 CET44349712183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:21.455332041 CET49712443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:21.455981016 CET49712443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:21.455996990 CET44349712183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:21.456298113 CET49712443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:21.456301928 CET44349712183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:21.574031115 CET44349713183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:21.574320078 CET49713443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:21.577090979 CET49713443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:21.577117920 CET44349713183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:21.586530924 CET49713443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:21.586544037 CET44349713183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:21.787201881 CET44349712183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:21.787265062 CET44349712183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:21.787410021 CET44349712183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:21.787414074 CET49712443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:21.787525892 CET49712443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:21.813910007 CET49712443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:21.813924074 CET44349712183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:21.824836016 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:21.824923992 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:21.825009108 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:21.827801943 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:21.827841043 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:21.918509007 CET44349713183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:21.918533087 CET44349713183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:21.918581009 CET44349713183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:21.918595076 CET44349713183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:21.918704987 CET49713443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:21.918704987 CET49713443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:21.918704987 CET49713443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:21.918704987 CET49713443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:21.970582008 CET49713443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:21.970643044 CET44349713183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:21.979363918 CET49717443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:21.979412079 CET44349717183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:21.979482889 CET49717443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:21.985274076 CET49717443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:21.985290051 CET44349717183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:22.859489918 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:22.859700918 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:22.860737085 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:22.860764980 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:22.861304045 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:22.861316919 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:22.979716063 CET44349717183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:22.979779005 CET49717443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:22.980369091 CET49717443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:22.980379105 CET44349717183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:22.980614901 CET49717443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:22.980622053 CET44349717183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:23.538866043 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:23.538932085 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:23.538975000 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:23.539014101 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:23.539043903 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:23.539060116 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:23.539099932 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:23.539367914 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:23.539412022 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:23.539442062 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:23.539448023 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:23.539473057 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:23.539495945 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:23.637593985 CET44349717183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:23.637624025 CET44349717183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:23.637641907 CET44349717183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:23.637670040 CET49717443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:23.637721062 CET49717443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:23.637732029 CET44349717183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:23.637787104 CET49717443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:23.638303041 CET44349717183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:23.638323069 CET44349717183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:23.638371944 CET49717443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:23.638381004 CET44349717183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:23.638418913 CET49717443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:23.638437033 CET49717443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:23.878148079 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:23.878185034 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:23.878233910 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:23.878350973 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:23.878385067 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:23.878396988 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:23.878432035 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:23.879113913 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:23.879159927 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:23.879194975 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:23.879199982 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:23.879251003 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:23.880033016 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:23.880088091 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:23.880120993 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:23.880126953 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:23.880158901 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:23.880184889 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:23.968332052 CET44349717183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:23.968359947 CET44349717183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:23.968494892 CET49717443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:23.968513966 CET44349717183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:23.969181061 CET49717443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:23.969471931 CET44349717183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:23.969491005 CET44349717183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:23.969562054 CET49717443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:23.969573021 CET44349717183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:23.970135927 CET49717443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:23.970148087 CET44349717183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:23.970191956 CET44349717183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:23.970206022 CET49717443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:23.970212936 CET44349717183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:23.970225096 CET44349717183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:23.970249891 CET49717443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:23.970276117 CET49717443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:23.970540047 CET49717443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:23.970561028 CET44349717183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:23.971471071 CET49719443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:23.971508980 CET44349719183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:23.971586943 CET49719443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:23.972083092 CET49719443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:23.972099066 CET44349719183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:24.222419977 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:24.222455025 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:24.222501993 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:24.222539902 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:24.222579002 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:24.222590923 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:24.222639084 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:24.222642899 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:24.222675085 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:24.222724915 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:24.222728014 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:24.222733974 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:24.222754002 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:24.222785950 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:24.222832918 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:24.222897053 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:24.222939014 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:24.222970009 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:24.222980976 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:24.223011971 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:24.223033905 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:24.223135948 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:24.223186970 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:24.223220110 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:24.223227024 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:24.223261118 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:24.223444939 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:24.223459005 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:24.223493099 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:24.223517895 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:24.223526001 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:24.223561049 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:24.223592997 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:24.223844051 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:24.223886013 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:24.223923922 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:24.223953009 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:24.223988056 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:24.224419117 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:24.567667007 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:24.567733049 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:24.567840099 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:24.567874908 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:24.567893982 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:24.567926884 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:24.568391085 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:24.568444014 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:24.568474054 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:24.568481922 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:24.568530083 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:24.569289923 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:24.569331884 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:24.569365025 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:24.569372892 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:24.569399118 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:24.569425106 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:24.569430113 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:24.569477081 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:24.569494009 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:24.569521904 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:24.569530010 CET44349716183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:24.569550991 CET49716443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:24.571110964 CET49720443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:24.571141958 CET44349720183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:24.571213961 CET49720443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:24.572000027 CET49720443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:24.572016001 CET44349720183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:24.981436014 CET44349719183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:24.981544018 CET49719443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:24.993998051 CET49719443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:24.994004965 CET44349719183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:24.994290113 CET49719443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:24.994294882 CET44349719183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:25.324376106 CET44349719183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:25.324395895 CET44349719183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:25.324448109 CET49719443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:25.324456930 CET44349719183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:25.324466944 CET49719443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:25.324517965 CET49719443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:25.325231075 CET49719443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:25.325247049 CET44349719183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:25.327231884 CET49721443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:25.327282906 CET44349721183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:25.327358961 CET49721443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:25.327738047 CET49721443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:25.327752113 CET44349721183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:26.341058969 CET44349720183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:26.341198921 CET49720443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:26.349842072 CET49720443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:26.349852085 CET44349720183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:26.350389957 CET49720443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:26.350397110 CET44349720183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:26.696683884 CET44349720183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:26.696743011 CET44349720183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:26.696820974 CET49720443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:26.696831942 CET44349720183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:26.696887970 CET44349720183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:26.699100971 CET49720443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:26.761605024 CET49720443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:26.761620998 CET44349720183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:26.799607038 CET49724443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:26.799649954 CET44349724183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:26.799726009 CET49724443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:26.872760057 CET49724443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:26.872787952 CET44349724183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:27.383735895 CET44349721183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:27.383830070 CET49721443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:27.412995100 CET49721443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:27.413017988 CET44349721183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:27.413494110 CET49721443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:27.413506031 CET44349721183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:27.763442993 CET44349721183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:27.763462067 CET44349721183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:27.763523102 CET44349721183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:27.763525009 CET49721443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:27.763525963 CET49721443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:27.763582945 CET49721443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:27.770723104 CET49721443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:27.770761013 CET44349721183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:27.882144928 CET44349724183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:27.882250071 CET49724443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:27.943078041 CET49724443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:27.943098068 CET44349724183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:27.943444967 CET49724443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:27.943455935 CET44349724183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:28.599112988 CET44349724183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:28.599145889 CET44349724183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:28.599167109 CET44349724183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:28.599208117 CET49724443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:28.599209070 CET49724443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:28.599282026 CET44349724183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:28.599320889 CET49724443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:28.599353075 CET49724443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:28.926455021 CET44349724183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:28.926475048 CET44349724183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:28.926508904 CET44349724183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:28.926584005 CET49724443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:28.926616907 CET44349724183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:28.926644087 CET49724443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:28.926677942 CET49724443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:29.255947113 CET44349724183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:29.255964994 CET44349724183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:29.256002903 CET44349724183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:29.256097078 CET49724443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:29.256162882 CET44349724183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:29.256205082 CET49724443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:29.257395029 CET49724443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:29.910849094 CET44349724183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:29.910870075 CET44349724183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:29.910924911 CET44349724183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:29.910962105 CET49724443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:29.910984993 CET44349724183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:29.911000967 CET49724443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:29.911036968 CET49724443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:30.240370989 CET44349724183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:30.240391970 CET44349724183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:30.240417957 CET44349724183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:30.240525961 CET49724443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:30.240525961 CET49724443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:30.240562916 CET44349724183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:30.240629911 CET49724443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:30.242525101 CET44349724183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:30.242588043 CET44349724183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:30.242635965 CET49724443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:30.242661953 CET44349724183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:30.242676973 CET49724443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:30.242707968 CET49724443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:30.242727995 CET44349724183.131.158.108192.168.2.7
                                                                                                                                                                                        Mar 7, 2024 06:28:30.242782116 CET49724443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:30.242933035 CET49724443192.168.2.7183.131.158.108
                                                                                                                                                                                        Mar 7, 2024 06:28:30.242949963 CET44349724183.131.158.108192.168.2.7

                                                                                                                                                                                        UDP Packets

                                                                                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                        Mar 7, 2024 06:28:15.881685019 CET4940153192.168.2.71.1.1.1
                                                                                                                                                                                        Mar 7, 2024 06:28:16.221847057 CET53494011.1.1.1192.168.2.7

                                                                                                                                                                                        DNS Queries

                                                                                                                                                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                        Mar 7, 2024 06:28:15.881685019 CET192.168.2.71.1.1.10xe1a9Standard query (0)yx.3dmgame.comA (IP address)IN (0x0001)false

                                                                                                                                                                                        DNS Answers

                                                                                                                                                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                        Mar 7, 2024 06:28:16.221847057 CET1.1.1.1192.168.2.70xe1a9No error (0)yx.3dmgame.com183.131.158.108A (IP address)IN (0x0001)false

                                                                                                                                                                                        HTTP Request Dependency Graph

                                                                                                                                                                                        • yx.3dmgame.com
                                                                                                                                                                                        • https:

                                                                                                                                                                                        HTTPS Proxied Packets

                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                        0192.168.2.749708183.131.158.1084431340C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                        2024-03-07 05:28:17 UTC256OUTGET /yy/jz/microend?mytime=1709789293&ver=3& HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/7.0)
                                                                                                                                                                                        Host: yx.3dmgame.com
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        2024-03-07 05:28:17 UTC231INHTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Thu, 07 Mar 2024 05:28:17 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                                                                                                                        2024-03-07 05:28:17 UTC8615INData Raw: 32 31 39 61 0d 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e e5 89 91 e5 ae 97 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 70 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e
                                                                                                                                                                                        Data Ascii: 219a<!DOCTYPE html><html ><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title></title> <meta http-equiv="pragma" content="no-cache"> <meta http-equiv="cache-con


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                        1192.168.2.749709183.131.158.1084431340C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                        2024-03-07 05:28:18 UTC319OUTGET /page/microend/jz/css/base.css HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Referer: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&
                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/7.0)
                                                                                                                                                                                        Host: yx.3dmgame.com
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        2024-03-07 05:28:19 UTC301INHTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Thu, 07 Mar 2024 05:28:19 GMT
                                                                                                                                                                                        Content-Type: text/css
                                                                                                                                                                                        Content-Length: 12960
                                                                                                                                                                                        Last-Modified: Mon, 10 Jan 2022 10:01:33 GMT
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        ETag: "61dc03fd-32a0"
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                        2024-03-07 05:28:19 UTC12960INData Raw: 2f 2a 72 65 73 65 74 2a 2f 62 6f 64 79 2c 62 75 74 74 6f 6e 2c 69 6e 70 75 74 2c 73 65 6c 65 63 74 2c 74 65 78 74 61 72 65 61 20 7b 66 6f 6e 74 3a 20 31 32 70 78 2f 31 2e 35 20 22 22 3b 7d 0a 73 75 62 2c 73 75 70 20 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 30 3b 7d 0a 62 6f 64 79 2c 68 31 2c 68 32 2c 68 33 2c 68 34 2c 68 35 2c 68 36 2c 64 6c 2c 64 74 2c 64 64 2c 75 6c 2c 6f 6c 2c 6c 69 2c 74 68 2c 74 64 2c 70 2c 62 6c 6f 63 6b 71 75 6f 74 65 2c 70 72 65 2c 66 6f 72 6d 2c 66 69 65 6c 64 73 65 74 2c 6c 65 67 65 6e 64 2c 69 6e 70 75 74 2c 62 75 74 74 6f 6e 2c 74 65 78 74 61 72 65 61 2c 68 72 20 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 7d 0a 74 61 62 6c 65 20 7b 62 6f 72 64 65 72 2d 63 6f 6c 6c 61 70 73 65 3a 63 6f 6c 6c 61 70 73 65 3b 62 6f
                                                                                                                                                                                        Data Ascii: /*reset*/body,button,input,select,textarea {font: 12px/1.5 "";}sub,sup {line-height:0;}body,h1,h2,h3,h4,h5,h6,dl,dt,dd,ul,ol,li,th,td,p,blockquote,pre,form,fieldset,legend,input,button,textarea,hr {margin:0;padding:0;}table {border-collapse:collapse;bo


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                        2192.168.2.749710183.131.158.1084431340C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                        2024-03-07 05:28:18 UTC318OUTGET /page/microend/jz/js/jq1.9.js HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Referer: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&
                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/7.0)
                                                                                                                                                                                        Host: yx.3dmgame.com
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        2024-03-07 05:28:19 UTC318INHTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Thu, 07 Mar 2024 05:28:19 GMT
                                                                                                                                                                                        Content-Type: application/x-javascript
                                                                                                                                                                                        Content-Length: 92525
                                                                                                                                                                                        Last-Modified: Mon, 10 Jan 2022 10:01:33 GMT
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        ETag: "61dc03fd-1696d"
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                        2024-03-07 05:28:19 UTC16066INData Raw: 2f 2a 76 31 2e 39 2e 31 2a 2f 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 2c 69 3d 74 79 70 65 6f 66 20 74 2c 6f 3d 65 2e 64 6f 63 75 6d 65 6e 74 2c 61 3d 65 2e 6c 6f 63 61 74 69 6f 6e 2c 73 3d 65 2e 6a 51 75 65 72 79 2c 75 3d 65 2e 24 2c 6c 3d 7b 7d 2c 63 3d 5b 5d 2c 70 3d 22 31 2e 39 2e 31 22 2c 66 3d 63 2e 63 6f 6e 63 61 74 2c 64 3d 63 2e 70 75 73 68 2c 68 3d 63 2e 73 6c 69 63 65 2c 67 3d 63 2e 69 6e 64 65 78 4f 66 2c 6d 3d 6c 2e 74 6f 53 74 72 69 6e 67 2c 79 3d 6c 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2c 76 3d 70 2e 74 72 69 6d 2c 62 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 62 2e 66 6e 2e 69 6e 69 74 28 65 2c 74 2c 72 29 7d 2c 78 3d 2f 5b 2b 2d 5d 3f 28 3f 3a 5c 64 2a 5c 2e 7c 29 5c 64
                                                                                                                                                                                        Data Ascii: /*v1.9.1*/(function(e,t){var n,r,i=typeof t,o=e.document,a=e.location,s=e.jQuery,u=e.$,l={},c=[],p="1.9.1",f=c.concat,d=c.push,h=c.slice,g=c.indexOf,m=l.toString,y=l.hasOwnProperty,v=p.trim,b=function(e,t){return new b.fn.init(e,t,r)},x=/[+-]?(?:\d*\.|)\d
                                                                                                                                                                                        2024-03-07 05:28:19 UTC16384INData Raw: 3d 3d 3d 72 3f 21 31 3a 22 6e 75 6c 6c 22 3d 3d 3d 72 3f 6e 75 6c 6c 3a 2b 72 2b 22 22 3d 3d 3d 72 3f 2b 72 3a 4f 2e 74 65 73 74 28 72 29 3f 62 2e 70 61 72 73 65 4a 53 4f 4e 28 72 29 3a 72 7d 63 61 74 63 68 28 6f 29 7b 7d 62 2e 64 61 74 61 28 65 2c 6e 2c 72 29 7d 65 6c 73 65 20 72 3d 74 7d 72 65 74 75 72 6e 20 72 7d 66 75 6e 63 74 69 6f 6e 20 24 28 65 29 7b 76 61 72 20 74 3b 66 6f 72 28 74 20 69 6e 20 65 29 69 66 28 28 22 64 61 74 61 22 21 3d 3d 74 7c 7c 21 62 2e 69 73 45 6d 70 74 79 4f 62 6a 65 63 74 28 65 5b 74 5d 29 29 26 26 22 74 6f 4a 53 4f 4e 22 21 3d 3d 74 29 72 65 74 75 72 6e 21 31 3b 72 65 74 75 72 6e 21 30 7d 62 2e 65 78 74 65 6e 64 28 7b 71 75 65 75 65 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 2c 72 29 7b 76 61 72 20 69 3b 72 65 74 75 72 6e 20 65
                                                                                                                                                                                        Data Ascii: ===r?!1:"null"===r?null:+r+""===r?+r:O.test(r)?b.parseJSON(r):r}catch(o){}b.data(e,n,r)}else r=t}return r}function $(e){var t;for(t in e)if(("data"!==t||!b.isEmptyObject(e[t]))&&"toJSON"!==t)return!1;return!0}b.extend({queue:function(e,n,r){var i;return e
                                                                                                                                                                                        2024-03-07 05:28:20 UTC16384INData Raw: 61 28 72 2c 22 73 75 62 6d 69 74 42 75 62 62 6c 65 73 22 29 26 26 28 62 2e 65 76 65 6e 74 2e 61 64 64 28 72 2c 22 73 75 62 6d 69 74 2e 5f 73 75 62 6d 69 74 22 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 5f 73 75 62 6d 69 74 5f 62 75 62 62 6c 65 3d 21 30 7d 29 2c 62 2e 5f 64 61 74 61 28 72 2c 22 73 75 62 6d 69 74 42 75 62 62 6c 65 73 22 2c 21 30 29 29 7d 29 2c 74 29 7d 2c 70 6f 73 74 44 69 73 70 61 74 63 68 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 5f 73 75 62 6d 69 74 5f 62 75 62 62 6c 65 26 26 28 64 65 6c 65 74 65 20 65 2e 5f 73 75 62 6d 69 74 5f 62 75 62 62 6c 65 2c 74 68 69 73 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 21 65 2e 69 73 54 72 69 67 67 65 72 26 26 62 2e 65 76 65 6e 74 2e 73 69 6d 75 6c 61 74 65 28 22 73 75 62 6d 69 74 22 2c 74 68 69 73 2e
                                                                                                                                                                                        Data Ascii: a(r,"submitBubbles")&&(b.event.add(r,"submit._submit",function(e){e._submit_bubble=!0}),b._data(r,"submitBubbles",!0))}),t)},postDispatch:function(e){e._submit_bubble&&(delete e._submit_bubble,this.parentNode&&!e.isTrigger&&b.event.simulate("submit",this.
                                                                                                                                                                                        2024-03-07 05:28:20 UTC16384INData Raw: 73 2c 75 2c 6c 2c 63 3d 45 5b 65 2b 22 20 22 5d 3b 69 66 28 63 29 72 65 74 75 72 6e 20 74 3f 30 3a 63 2e 73 6c 69 63 65 28 30 29 3b 73 3d 65 2c 75 3d 5b 5d 2c 6c 3d 69 2e 70 72 65 46 69 6c 74 65 72 3b 77 68 69 6c 65 28 73 29 7b 28 21 6e 7c 7c 28 72 3d 24 2e 65 78 65 63 28 73 29 29 29 26 26 28 72 26 26 28 73 3d 73 2e 73 6c 69 63 65 28 72 5b 30 5d 2e 6c 65 6e 67 74 68 29 7c 7c 73 29 2c 75 2e 70 75 73 68 28 6f 3d 5b 5d 29 29 2c 6e 3d 21 31 2c 28 72 3d 49 2e 65 78 65 63 28 73 29 29 26 26 28 6e 3d 72 2e 73 68 69 66 74 28 29 2c 6f 2e 70 75 73 68 28 7b 76 61 6c 75 65 3a 6e 2c 74 79 70 65 3a 72 5b 30 5d 2e 72 65 70 6c 61 63 65 28 57 2c 22 20 22 29 7d 29 2c 73 3d 73 2e 73 6c 69 63 65 28 6e 2e 6c 65 6e 67 74 68 29 29 3b 66 6f 72 28 61 20 69 6e 20 69 2e 66 69 6c 74
                                                                                                                                                                                        Data Ascii: s,u,l,c=E[e+" "];if(c)return t?0:c.slice(0);s=e,u=[],l=i.preFilter;while(s){(!n||(r=$.exec(s)))&&(r&&(s=s.slice(r[0].length)||s),u.push(o=[])),n=!1,(r=I.exec(s))&&(n=r.shift(),o.push({value:n,type:r[0].replace(W," ")}),s=s.slice(n.length));for(a in i.filt
                                                                                                                                                                                        2024-03-07 05:28:20 UTC16384INData Raw: 2c 66 6f 6e 74 57 65 69 67 68 74 3a 34 30 30 7d 2c 5a 74 3d 5b 22 54 6f 70 22 2c 22 52 69 67 68 74 22 2c 22 42 6f 74 74 6f 6d 22 2c 22 4c 65 66 74 22 5d 2c 65 6e 3d 5b 22 57 65 62 6b 69 74 22 2c 22 4f 22 2c 22 4d 6f 7a 22 2c 22 6d 73 22 5d 3b 66 75 6e 63 74 69 6f 6e 20 74 6e 28 65 2c 74 29 7b 69 66 28 74 20 69 6e 20 65 29 72 65 74 75 72 6e 20 74 3b 76 61 72 20 6e 3d 74 2e 63 68 61 72 41 74 28 30 29 2e 74 6f 55 70 70 65 72 43 61 73 65 28 29 2b 74 2e 73 6c 69 63 65 28 31 29 2c 72 3d 74 2c 69 3d 65 6e 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 69 2d 2d 29 69 66 28 74 3d 65 6e 5b 69 5d 2b 6e 2c 74 20 69 6e 20 65 29 72 65 74 75 72 6e 20 74 3b 72 65 74 75 72 6e 20 72 7d 66 75 6e 63 74 69 6f 6e 20 6e 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 65 3d 74 7c 7c 65 2c
                                                                                                                                                                                        Data Ascii: ,fontWeight:400},Zt=["Top","Right","Bottom","Left"],en=["Webkit","O","Moz","ms"];function tn(e,t){if(t in e)return t;var n=t.charAt(0).toUpperCase()+t.slice(1),r=t,i=en.length;while(i--)if(t=en[i]+n,t in e)return t;return r}function nn(e,t){return e=t||e,
                                                                                                                                                                                        2024-03-07 05:28:20 UTC10923INData Raw: 3f 75 2e 6f 70 65 6e 28 6e 2e 74 79 70 65 2c 6e 2e 75 72 6c 2c 6e 2e 61 73 79 6e 63 2c 6e 2e 75 73 65 72 6e 61 6d 65 2c 6e 2e 70 61 73 73 77 6f 72 64 29 3a 75 2e 6f 70 65 6e 28 6e 2e 74 79 70 65 2c 6e 2e 75 72 6c 2c 6e 2e 61 73 79 6e 63 29 2c 6e 2e 78 68 72 46 69 65 6c 64 73 29 66 6f 72 28 73 20 69 6e 20 6e 2e 78 68 72 46 69 65 6c 64 73 29 75 5b 73 5d 3d 6e 2e 78 68 72 46 69 65 6c 64 73 5b 73 5d 3b 6e 2e 6d 69 6d 65 54 79 70 65 26 26 75 2e 6f 76 65 72 72 69 64 65 4d 69 6d 65 54 79 70 65 26 26 75 2e 6f 76 65 72 72 69 64 65 4d 69 6d 65 54 79 70 65 28 6e 2e 6d 69 6d 65 54 79 70 65 29 2c 6e 2e 63 72 6f 73 73 44 6f 6d 61 69 6e 7c 7c 69 5b 22 58 2d 52 65 71 75 65 73 74 65 64 2d 57 69 74 68 22 5d 7c 7c 28 69 5b 22 58 2d 52 65 71 75 65 73 74 65 64 2d 57 69 74 68
                                                                                                                                                                                        Data Ascii: ?u.open(n.type,n.url,n.async,n.username,n.password):u.open(n.type,n.url,n.async),n.xhrFields)for(s in n.xhrFields)u[s]=n.xhrFields[s];n.mimeType&&u.overrideMimeType&&u.overrideMimeType(n.mimeType),n.crossDomain||i["X-Requested-With"]||(i["X-Requested-With


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                        3192.168.2.749711183.131.158.1084431340C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                        2024-03-07 05:28:20 UTC318OUTGET /page/microend/jz/js/Slide.js HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Referer: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&
                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/7.0)
                                                                                                                                                                                        Host: yx.3dmgame.com
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        2024-03-07 05:28:20 UTC317INHTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Thu, 07 Mar 2024 05:28:20 GMT
                                                                                                                                                                                        Content-Type: application/x-javascript
                                                                                                                                                                                        Content-Length: 11422
                                                                                                                                                                                        Last-Modified: Mon, 10 Jan 2022 10:01:33 GMT
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        ETag: "61dc03fd-2c9e"
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                        2024-03-07 05:28:20 UTC11422INData Raw: 2f 2a 21 0d 0a 20 2a 20 53 75 70 65 72 53 6c 69 64 65 20 76 32 2e 31 2e 31 20 0d 0a 20 2a 20 e8 bd bb e6 9d be e8 a7 a3 e5 86 b3 e7 bd 91 e7 ab 99 e5 a4 a7 e9 83 a8 e5 88 86 e7 89 b9 e6 95 88 e5 b1 95 e7 a4 ba e9 97 ae e9 a2 98 0d 0a 20 2a 20 e8 af a6 e5 b0 bd e4 bf a1 e6 81 af e8 af b7 e7 9c 8b e5 ae 98 e7 bd 91 ef bc 9a 68 74 74 70 3a 2f 2f 77 77 77 2e 53 75 70 65 72 53 6c 69 64 65 32 2e 63 6f 6d 2f 0d 0a 20 2a 0d 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 33 2c 20 e5 a4 a7 e8 af 9d e4 b8 bb e5 b8 ad 0d 0a 20 2a 0d 0a 20 2a 20 e8 af b7 e5 b0 8a e9 87 8d e5 8e 9f e5 88 9b ef bc 8c e4 bf 9d e7 95 99 e5 a4 b4 e9 83 a8 e7 89 88 e6 9d 83 0d 0a 20 2a 20 e5 9c a8 e4 bf 9d e7 95 99 e7 89 88 e6 9d 83 e7 9a 84 e5 89 8d e6 8f 90 e4 b8 8b e5
                                                                                                                                                                                        Data Ascii: /*! * SuperSlide v2.1.1 * * http://www.SuperSlide2.com/ * * Copyright 2011-2013, * * *


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                        4192.168.2.749712183.131.158.1084431340C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                        2024-03-07 05:28:21 UTC318OUTGET /page/microend/jz/js/index.js HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Referer: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&
                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/7.0)
                                                                                                                                                                                        Host: yx.3dmgame.com
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        2024-03-07 05:28:21 UTC316INHTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Thu, 07 Mar 2024 05:28:21 GMT
                                                                                                                                                                                        Content-Type: application/x-javascript
                                                                                                                                                                                        Content-Length: 6509
                                                                                                                                                                                        Last-Modified: Mon, 10 Jan 2022 10:01:33 GMT
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        ETag: "61dc03fd-196d"
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                        2024-03-07 05:28:21 UTC6509INData Raw: 24 28 66 75 6e 63 74 69 6f 6e 28 29 7b 0d 0a 20 20 20 20 69 66 28 20 24 28 22 23 69 64 63 6f 64 65 22 29 2e 73 69 7a 65 28 29 3e 3d 31 20 29 7b 0d 0a 20 20 20 20 20 20 20 20 24 2e 69 64 63 6f 64 65 2e 73 65 74 43 6f 64 65 28 29 3b 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 69 66 28 24 28 22 2e 6c 75 6e 62 6f 78 6c 69 73 20 75 6c 20 6c 69 22 29 2e 73 69 7a 65 28 29 3e 3d 31 29 7b 0d 0a 20 20 20 20 20 20 20 20 6a 51 75 65 72 79 28 22 2e 6c 75 6e 62 6f 78 6c 69 73 22 29 2e 73 6c 69 64 65 28 7b 6d 61 69 6e 43 65 6c 6c 3a 22 2e 62 64 20 75 6c 22 2c 61 75 74 6f 50 61 67 65 3a 74 72 75 65 2c 65 66 66 65 63 74 3a 22 6c 65 66 74 22 2c 76 69 73 3a 36 7d 29 3b 0d 0a 0d 0a 20 20 20 20 7d 0d 0a 7d 29 0d 0a 24 28 22 2e 6c 6f 67 69 6e 5f 41 66 20 2e 73 65 72 76 65 20
                                                                                                                                                                                        Data Ascii: $(function(){ if( $("#idcode").size()>=1 ){ $.idcode.setCode(); } if($(".lunboxlis ul li").size()>=1){ jQuery(".lunboxlis").slide({mainCell:".bd ul",autoPage:true,effect:"left",vis:6}); }})$(".login_Af .serve


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                        5192.168.2.749713183.131.158.1084431340C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                        2024-03-07 05:28:21 UTC317OUTGET /page/microend/asbz/js/lr.js HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Referer: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&
                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/7.0)
                                                                                                                                                                                        Host: yx.3dmgame.com
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        2024-03-07 05:28:21 UTC317INHTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Thu, 07 Mar 2024 05:28:21 GMT
                                                                                                                                                                                        Content-Type: application/x-javascript
                                                                                                                                                                                        Content-Length: 10994
                                                                                                                                                                                        Last-Modified: Mon, 18 Apr 2022 14:01:02 GMT
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        ETag: "625d6f1e-2af2"
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                        2024-03-07 05:28:21 UTC10994INData Raw: 0d 0a 20 20 20 20 76 61 72 20 6d 61 67 69 63 20 3d 20 66 75 6e 63 74 69 6f 6e 28 6f 62 6a 29 7b 0d 0a 0d 0a 20 20 20 20 09 6d 74 68 69 73 20 3d 20 74 68 69 73 3b 0d 0a 20 20 20 20 09 6d 74 68 69 73 2e 71 71 73 72 63 20 3d 20 6f 62 6a 2e 71 71 73 72 63 3b 0d 0a 20 20 20 20 09 6d 74 68 69 73 2e 77 65 63 68 61 74 73 72 63 20 3d 20 6f 62 6a 2e 77 65 63 68 61 74 73 72 63 3b 0d 0a 20 20 20 20 09 6d 74 68 69 73 2e 73 69 6e 61 73 72 63 20 3d 20 6f 62 6a 2e 73 69 6e 61 73 72 63 3b 0d 0a 0d 0a 09 09 2f 2f e7 b1 bb e5 90 8d 20 20 28 2e 74 65 6e 63 65 6e 74 20 2e 77 65 69 78 69 6e 20 20 2e 73 69 6e 61 20 e6 b7 bb e5 8a a0 29 0d 0a 20 20 20 20 09 6d 74 68 69 73 2e 71 71 6c 6f 67 69 6e 20 3d 20 66 75 6e 63 74 69 6f 6e 28 29 7b 0d 0a 20 20 20 20 09 09 24 28 64 6f 63 75
                                                                                                                                                                                        Data Ascii: var magic = function(obj){ mthis = this; mthis.qqsrc = obj.qqsrc; mthis.wechatsrc = obj.wechatsrc; mthis.sinasrc = obj.sinasrc;// (.tencent .weixin .sina ) mthis.qqlogin = function(){ $(docu


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                        6192.168.2.749716183.131.158.1084431340C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                        2024-03-07 05:28:22 UTC321OUTGET /page/microend/jz/images/bj1.png HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Referer: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&
                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/7.0)
                                                                                                                                                                                        Host: yx.3dmgame.com
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        2024-03-07 05:28:23 UTC304INHTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Thu, 07 Mar 2024 05:28:23 GMT
                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                        Content-Length: 225688
                                                                                                                                                                                        Last-Modified: Mon, 10 Jan 2022 10:01:33 GMT
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        ETag: "61dc03fd-37198"
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                        2024-03-07 05:28:23 UTC16080INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 4e 00 00 01 e0 08 06 00 00 00 53 a7 e2 f6 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 78 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 35 2d 63 30 31 34 20 37 39 2e 31 35 31 34 38 31 2c 20 32 30 31 33 2f 30 33 2f 31 33 2d 31 32 3a 30 39 3a 31 35 20 20
                                                                                                                                                                                        Data Ascii: PNGIHDRNStEXtSoftwareAdobe ImageReadyqe<xiTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15
                                                                                                                                                                                        2024-03-07 05:28:23 UTC16384INData Raw: 8a db 56 b4 b9 8d 0c a8 04 10 a0 2c de 96 5b cc 0c 1a 44 c1 1b 61 56 e4 7e 41 9b c4 c2 59 ad a3 e8 5e 53 01 29 40 f7 d1 ae b2 34 ca d4 38 77 65 b9 cd c0 a7 df 17 49 c9 e3 55 41 c9 c0 47 ee 1f ed 1d 42 fb fa 55 1e bb b6 82 1c dd c0 f2 7e 7e 9f b0 57 e5 ea aa 6e 4a 01 3b a9 b9 5d 1d f6 18 e4 0d f5 d9 0a 78 18 ac 55 02 e2 b8 ad 02 d2 0c 03 76 bf 71 0d f7 cb 08 a3 55 96 ca 68 0d 87 8e ed 60 c0 36 14 46 49 e6 6c e0 04 41 61 dd 97 b5 03 40 fa 33 cf 97 dc 1b 2d 3c 06 a3 ed 0e af 8b 5a c1 79 9b 81 a4 6e 94 da ae 07 1d b3 c1 80 fb 57 2b f8 51 2b b2 30 51 71 ca 53 79 7c 87 fc 7c 59 ef d9 11 7d 09 88 b0 42 d5 29 3b 16 38 a5 d1 4d 11 94 7c 2a ec a9 ae 3d 45 64 df 21 40 df 09 6f 2b 88 30 08 87 f0 af 17 85 ce 15 ab b1 05 4e a1 a2 f3 a7 a8 d1 c0 06 83 ce 73 b0 2e ad 32
                                                                                                                                                                                        Data Ascii: V,[DaV~AY^S)@48weIUAGBU~~WnJ;]xUvqUh`6FIlAa@3-<ZynW+Q+0QqSy||Y}B);8M|*=Ed!@o+0Ns.2
                                                                                                                                                                                        2024-03-07 05:28:23 UTC16384INData Raw: 91 69 77 9c 5c dd ee 18 26 a2 4f 6b cd 1b 7e 03 5d 74 d1 4f 27 10 c3 f4 b1 6b f9 cb 51 04 5e 36 74 6f bd d5 4b e3 7b e7 01 4d 78 5f 53 e0 ec 7f 2f c3 fb 13 c0 55 43 b9 ba 56 54 53 8c 59 32 ed cf 96 79 c3 54 a9 f1 6b 99 f5 9e 7d 56 3a 34 fc 83 8b dc d0 17 f3 8c ae 96 96 de ea 94 0c 92 4a 5a 3a fd 70 73 09 a6 11 7f 2e 8f 46 b9 08 ab bf be 9c d1 d7 d3 39 fd dd 97 5f d3 ab cb 1b b1 1f d8 ef 66 74 c8 45 f4 84 ff 66 cc c0 e0 84 e8 78 64 68 5e 10 fd 61 5a d3 eb 33 14 42 61 de 68 39 c7 9d 7e 2d 93 4c a3 65 45 c7 5c 54 3b 5c 3c f7 7b 39 75 64 ba 44 dd 9d ef 14 1b ea 17 8e 86 7c 80 d7 2b 06 69 bd 11 8d b8 38 97 cb 25 1d 77 2c 4d 4b c7 80 ad a6 72 08 7d 00 7f 48 ab 4c 34 56 37 08 07 e6 7d bd 9a 5c d0 ef 3e fd 92 c1 54 46 6b 5e 88 7f fc ce 3b f4 5f bc f7 3e ed 0f 47
                                                                                                                                                                                        Data Ascii: iw\&Ok~]tO'kQ^6toK{Mx_S/UCVTSY2yTk}V:4JZ:ps.F9_ftEfxdh^aZ3Bah9~-LeE\T;\<{9udD|+i8%w,MKr}HL4V7}\>TFk^;_>G
                                                                                                                                                                                        2024-03-07 05:28:23 UTC16384INData Raw: 69 a8 7b 9f 41 e1 03 a2 d5 a9 a1 c5 ef 2d cd ce 18 9c ad 0d 83 8e 4a cc 3b 31 72 df 67 20 b9 df 27 7a b6 aa e8 66 3a 97 c2 81 7d 0b 39 58 69 be 9e 76 4b 9a f3 ae 93 3b 7f 60 0e 07 47 6e 3e a7 ee 87 ef c5 69 3c d8 09 b8 cd 8a 56 1f 7f 26 05 18 74 28 ae 0d f4 55 df 3b 3a a1 cd de 90 5e cc a6 94 0d 7a 9a 47 57 2b d8 80 2b 39 3a 29 2a f0 af b5 bb 85 ce 11 80 17 26 ca e0 c3 d4 ef 8b f7 95 90 a0 7e 9c 3f 38 5b 43 06 04 25 11 02 93 c9 74 95 ba 13 bc 50 f9 c7 6b a1 05 68 40 57 0a 46 8e d2 05 f0 3a a7 f9 64 46 dd bb 47 b4 99 2e a8 c7 e7 88 58 1d e9 1e 65 ae a1 ef 7a 5d f9 7e a8 fa 98 32 33 a5 2f de 92 23 a7 a0 53 c1 97 6a 9f d0 ad 92 5c 3b e7 f3 e3 bc 4d 40 43 41 d9 98 3b a8 5a 1d ef 70 6d b3 d8 1d a2 c4 d0 31 d4 73 b8 c8 c3 29 bc 14 f3 cb 2c 02 5a 85 2b 75 0c b0
                                                                                                                                                                                        Data Ascii: i{A-J;1rg 'zf:}9XivK;`Gn>i<V&t(U;:^zGW++9:)*&~?8[C%tPkh@WF:dFG.Xez]~23/#Sj\;M@CA;Zpm1s),Z+u
                                                                                                                                                                                        2024-03-07 05:28:23 UTC16384INData Raw: dd 1d e0 f1 fe 11 8e aa df 21 2f 98 60 2c 52 d4 36 0f 75 d3 9a 7e 45 81 15 17 5f 2e 2a 04 00 29 37 77 e4 49 ac c4 39 7b ec 88 3e 92 00 3d 9b 5e a4 98 51 20 8f ca 47 8a 2a c9 d0 d2 df a9 d5 22 19 67 08 2e 8a 8c ba db e4 94 0a 58 4c ff 14 25 25 be 39 3c 1b e6 93 c2 8a af b5 df ed e0 e6 f2 0a fe fc 87 ef 49 a4 fd c3 df fe 4e 26 97 34 21 35 0e d6 c7 43 46 e4 80 fe 45 99 01 24 ba 94 63 31 fb a7 bf fc 19 de bd ff 00 9f 6e 6f 61 73 76 c6 d3 72 34 15 98 d9 48 33 44 6a 1b 15 9a 12 64 8d d0 9f be ff 16 6e 2b b8 7a fb fe 23 9c 9f ad cd 5b 2a c4 36 1d a6 80 30 ad 3b 6a 74 41 d1 e9 32 b0 d6 0d 86 fa 22 70 c2 d0 5b 3c 5e 12 8e 93 59 66 3f cd 43 03 f1 99 2a c5 04 d3 7a 1e 94 d1 40 86 24 c5 30 ad c2 ca 94 08 48 e0 f6 14 47 b2 20 ea 24 c3 c5 51 04 d9 9f f1 19 c1 5a 43 ca
                                                                                                                                                                                        Data Ascii: !/`,R6u~E_.*)7wI9{>=^Q G*"g.XL%%9<IN&4!5CFE$c1noasvr4H3Djdn+z#[*60;jtA2"p[<^Yf?C*z@$0HG $QZC
                                                                                                                                                                                        2024-03-07 05:28:24 UTC16384INData Raw: a5 20 01 42 10 13 6b 64 f9 2d 3c 21 77 68 18 59 3b 8b e4 e2 6c 20 09 17 b8 5c 16 9d 8a 03 b0 e8 01 7f 2c dd 14 e5 cf 5e 10 6b d9 45 d3 ab 00 3c f7 17 b5 f4 df c4 68 73 b7 8b 7c 4a 77 de 6f e6 17 76 bd 0b 2f 55 14 94 77 e3 61 d8 f6 c8 83 ae df cb 7f 1d 41 83 25 d1 50 f1 99 67 ed 78 60 a1 bd 46 63 67 6c 3f 05 6f 5d 21 61 ec bc 7d 7e 8d 0b 7f fa 4c 32 e6 c0 25 37 37 e4 f6 90 c5 cc 8b d3 75 52 4c fc 27 0b e9 f7 4b 3e 12 c5 74 d6 61 fb 9c 1e 0f 4d 99 42 d0 50 42 80 36 74 ec 49 ce d5 f6 38 2d 9e 47 bd 63 64 a5 cc 91 1c 60 91 db be 81 8a dc 4a 16 96 69 84 5f eb 6a ae ff 7a 5e e1 1f de df c1 7f f9 f9 ab 18 c7 6b 49 9a f7 ff 79 95 09 96 ba 0f ef 32 0b 89 cb e5 53 52 c9 46 8c fd e8 8c 15 46 a7 21 83 9d 0a 62 1d e4 2c 66 9c 47 97 74 e4 9c 5d 04 a8 3b 48 04 fb 79 4f
                                                                                                                                                                                        Data Ascii: Bkd-<!whY;l \,^kE<hs|Jwov/UwaA%Pgx`Fcgl?o]!a}~L2%77uRL'K>taMBPB6tI8-Gcd`Ji_jz^kIy2SRFF!b,fGt];HyO
                                                                                                                                                                                        2024-03-07 05:28:24 UTC16384INData Raw: 5f fb fa 96 c0 c9 ef 6a a1 5c ac d2 d3 44 51 ba 8a 40 69 f4 35 f9 ac 97 54 6b b0 0b de fd 71 03 4e 3f 6c 17 f9 0d 90 20 7b 48 78 2f bb b6 0d 34 6d 1b 9b 31 14 2b 65 3e 54 54 51 78 e5 89 6f f1 bc 01 d5 f0 43 93 13 83 3e 31 46 6c e9 1a 97 a0 f5 16 64 c0 48 da f0 24 a3 a9 d3 a2 f5 2d 1e 57 60 26 69 09 29 34 60 a5 12 98 ca 51 ec 9f f1 e6 fa d5 24 27 84 ca 5a 95 ca 17 31 63 df 56 7b 64 b8 9f 2f f5 32 41 49 4a ce f7 e0 cc 8a 83 93 88 85 40 2a 93 74 29 05 69 34 83 83 2e 10 c0 11 ac 42 04 20 f6 30 b9 bb fc 45 50 13 a4 5b 00 93 36 1f 32 e0 d0 de 4d 5f d7 e1 f5 a3 19 c1 a9 64 18 09 70 42 03 c5 31 f6 0e f1 1c ba 31 6a b0 aa fb 74 24 be c0 7a fa c8 c6 d1 33 43 ab 97 fa 16 cd f5 12 59 6e 59 82 39 8b c3 4e e9 f5 e2 42 67 66 5b 58 8e 5b 96 52 0b 13 00 4e c1 a6 67 38 31
                                                                                                                                                                                        Data Ascii: _j\DQ@i5TkqN?l {Hx/4m1+e>TTQxoC>1FldH$-W`&i)4`Q$'Z1cV{d/2AIJ@*t)i4.B 0EP[62M_dpB11jt$z3CYnY9NBgf[X[RNg81
                                                                                                                                                                                        2024-03-07 05:28:24 UTC16384INData Raw: fb d6 1a 31 51 99 ff 18 c3 02 f1 c1 3a f6 f1 b4 b4 43 f7 3d b3 f2 84 3e 8f 73 8a 72 b5 86 e7 fb 24 76 0c d7 18 7d 70 e3 71 d3 4a c2 c0 4e 5c e7 9e d1 b7 4c 48 6f f7 b0 f0 b0 9f b1 63 81 29 c8 d0 27 f6 41 26 98 4d 4e ca e9 5c e7 3a d7 87 01 9c 2e 6b 2e 4b 3e fd d6 55 be fd 33 37 f9 a9 9f fa 58 7e cf ef f8 68 69 43 46 7f dc f0 30 f6 3f 0b 5d b1 9a c4 8d 78 84 c8 58 e8 46 5d f4 2b 07 a0 c1 37 75 8b f6 d0 43 51 74 a0 e4 45 7c 8f a2 5b 7e b9 fc b4 ea bb 9c 99 32 78 16 bb 7e c9 3d 7a 7a 1b 49 8d 4a 91 32 e5 36 3c c7 4c 0b 2f c5 3a 18 36 fa 84 2d 83 11 5d 4d 6e b7 7b 88 bd b7 96 53 4d 63 54 37 72 04 9b 56 20 49 f8 90 8a 36 7b fa 14 3d ce 38 d8 3e b4 2d 0a 6c b0 7f c5 3a 61 90 7d c4 41 f8 ee 3a 97 28 d0 2b 73 70 7f e5 f2 8d e7 c3 f4 62 0a eb 7d 6a 90 7c a5 da 41
                                                                                                                                                                                        Data Ascii: 1Q:C=>sr$v}pqJN\LHoc)'A&MN\:.k.K>U37X~hiCF0?]xXF]+7uCQtE|[~2x~=zzIJ26<L/:6-]Mn{SMcT7rV I6{=8>-l:a}A:(+spb}j|A
                                                                                                                                                                                        2024-03-07 05:28:24 UTC16384INData Raw: c3 37 88 93 57 df 47 29 30 55 43 88 5d ba 83 ce 4e a8 1e 9c aa 9d 91 50 68 b6 42 57 35 66 d8 5f 14 93 d9 7a e8 6d 4b 01 2d 39 2b 43 d4 6d 99 6f 17 af 51 1b b9 ad 93 1d 43 c4 8b b0 51 66 8a 66 bb 1f ab 30 fe 44 3c 8e a6 10 1f ad 93 04 22 ad 84 d1 62 c2 ed e9 51 f8 f1 52 a1 f1 4a 46 c1 a7 0c d5 85 d5 5e d8 00 08 00 8c f2 35 4a 44 cd 10 f2 2c c6 9b f1 1a 1c a8 61 aa 6e b5 78 27 90 f2 16 14 0b fd 69 90 2d 0a 72 f1 6e 72 66 4c 5c 03 76 0f 10 3b c5 d5 f7 6c e1 4d ff a0 05 74 00 94 b4 e8 d6 38 a2 64 23 cf 2b 18 39 ce e3 11 05 5e 32 7a 85 99 a3 e1 02 72 00 5b 01 98 24 76 a7 53 ee 9c d2 f7 0d 64 f8 75 15 53 ac 7b 99 a0 eb 83 43 8c 7b 0c 53 30 a8 8d 56 da 20 f0 f9 8e 0f ff 38 fe 23 7d 48 17 ab 59 34 7d 3c 7d 08 87 78 ba 36 4b 26 9e 7f 98 1a 5d 8f 93 dd dc bb 7d 46
                                                                                                                                                                                        Data Ascii: 7WG)0UC]NPhBW5f_zmK-9+CmoQCQff0D<"bQRJF^5JD,anx'i-rnrfL\v;lMt8d#+9^2zr[$vSduS{C{S0V 8#}HY4}<}x6K&]}F
                                                                                                                                                                                        2024-03-07 05:28:24 UTC16384INData Raw: 3c b0 0d ec 25 97 75 7b 84 59 04 af 54 e2 6f 53 29 68 a2 d7 3d 3d 53 4b 75 f5 aa 57 bd ae 37 e3 34 de 9d e3 32 4d e3 cd 99 9e 5a 57 2e 98 b2 d5 6e b8 c9 3a 07 98 e8 22 6b f8 12 99 10 0e 96 b5 b2 00 6a b0 5e e0 c7 ff 70 0a cf 1c b9 8c db 3e 30 8a af ff f9 cd 78 e4 9e bd 58 bf 30 c4 a9 d3 ab 30 25 d0 9a 9d ed a0 d9 ce 70 e4 d5 79 fc fa e7 a7 90 97 17 c7 87 ef df 8b 8f 7c e8 00 0e dc 33 83 d5 d5 3e 2e 9c 59 c5 b0 bc 98 ef 9c 6c 61 b6 9b 61 b5 07 9c 58 1c a2 a1 0a dc b6 b3 89 f2 61 b0 b2 e5 af cc ee ee 1d 72 13 17 de 12 51 b2 aa 44 29 2c fd 1d c9 71 76 e3 d2 9a 36 f2 46 e8 29 0b 85 b3 c3 01 8f aa 83 37 20 cd 35 18 24 61 3a a0 40 a1 93 85 49 a4 23 be 7b a7 b8 01 25 27 c8 a8 76 c2 b3 58 45 30 03 cb 54 6f b6 25 8b 0c 25 0b 9e 06 c3 81 e8 fb 02 67 25 f1 06 68 c4
                                                                                                                                                                                        Data Ascii: <%u{YToS)h==SKuW742MZW.n:"kj^p>0xX00%py|3>.YlaaXarQD),qv6F)7 5$a:@I#{%'vXE0To%%g%h


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                        7192.168.2.749717183.131.158.1084431340C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                        2024-03-07 05:28:22 UTC324OUTGET /page/microend/jz/images/icoimg.png HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Referer: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&
                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/7.0)
                                                                                                                                                                                        Host: yx.3dmgame.com
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        2024-03-07 05:28:23 UTC303INHTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Thu, 07 Mar 2024 05:28:23 GMT
                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                        Content-Length: 77414
                                                                                                                                                                                        Last-Modified: Mon, 10 Jan 2022 10:01:33 GMT
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        ETag: "61dc03fd-12e66"
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                        2024-03-07 05:28:23 UTC16081INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 65 00 00 01 53 08 06 00 00 00 e1 a6 1d 0b 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c3 00 00 0e c3 01 c7 6f a8 64 00 00 ff a5 49 44 41 54 78 5e ec bd 07 98 1e c5 95 b6 2d 87 b5 bd 0e eb 5d 7b bd e9 5b db 98 a0 9c 25 94 41 88 8c 08 ca 39 e7 9c 73 ce a3 34 92 66 94 46 d2 28 67 01 02 81 c8 60 72 c6 04 63 b0 c1 60 af 03 b6 77 6d cc 8e d7 79 f7 db 3d ff 73 9f aa 7a e7 9d d1 48 04 0b 4b fb fd 7d ae eb 5c d5 5d 1d df ee aa bb 9e 3e 55 dd 6f 35 d9 36 b9 9d 06 67 3f ef d5 4e d7 31 77 7d f4 a3 d5 a6 29 5d 2a ff 3f f2 3f ab 3d f3 cc 33 43 9f 7e fa e9 69 f2 73 62 d6 19 b5 87 1e 7a e8 f3 71 f2 04 e3 1c 39 d7 53 ad f3 7e 2c ed 4f de 25
                                                                                                                                                                                        Data Ascii: PNGIHDReSsRGBgAMAapHYsodIDATx^-]{[%A9s4fF(g`rc`wmy=szHK}\]>Uo56g?N1w})]*??=3C~isbzq9S~,O%
                                                                                                                                                                                        2024-03-07 05:28:23 UTC16384INData Raw: d5 58 5c a2 86 a1 9d 1a 8c 4b d4 38 b4 73 3f a8 fc 43 ab 35 2d 3f 52 78 a9 96 b3 ce 25 3e 4d 1e eb 1f 58 71 89 ed 5f d9 56 40 0b eb b1 9f fd cb b5 bf 15 17 fb be c2 fe 2e d1 f2 4b b5 ac ad d6 55 fe aa b6 b9 7d ed 5b 7e b1 1e fd db 86 f3 90 b3 2d d3 7b 96 5e 24 10 5e 64 bb 96 b4 91 6b 7a f1 45 82 61 6b 81 b1 b5 95 2e 68 a5 86 b0 b5 6d 5f d8 46 f3 6d 04 c7 d6 ba 0e fc f6 56 4a 5b f9 35 e2 fa 6c 9a d5 c2 36 cd 94 93 ce 6a 29 f0 e9 ba 4e bd d0 36 ce 6c e9 d7 79 dd a4 a6 02 5f 53 2b 9a d6 cc 36 cc 6c 65 eb a6 08 7c ba 2f 05 a3 1a a8 41 6f a0 69 dd 97 31 8d ad 60 44 43 bf 9f 4b 86 37 f0 fb bb 60 48 5d dd ef ba 36 7f 60 5d 5b 38 a4 be d2 7a 2a 07 75 6c 81 ca c6 3c a6 07 d4 b1 39 9a 9f d3 af b6 cd 92 cf 54 79 99 dd af ae cd ea 5b c7 66 aa cc cc ec 23 57 99 22 a5
                                                                                                                                                                                        Data Ascii: X\K8s?C5-?Rx%>MXq_V@.KU}[~-{^$^dkzEak.hm_FmVJ[5l6j)N6ly_S+6le|/Aoi1`DCK7`H]6`][8z*ul<9Ty[f#W"
                                                                                                                                                                                        2024-03-07 05:28:23 UTC16384INData Raw: e7 de bd b9 e7 0d 52 d9 a4 ac 0e ec dc 44 e5 54 f3 4c ab fc 32 8d 8f d6 fe be fc f7 9f cf be a7 9c d9 99 b7 36 8d bf 62 bf 7f 7e be bd 71 e7 44 7b f5 d8 58 7b e9 e8 28 7b e9 e6 91 ee 2f df 32 d2 5e b9 6d 8c bd 7a db 38 fb f6 71 7c bc bd 76 d7 04 7b fd ae 89 f2 09 f6 bd fb a7 b8 7f ff 81 e4 53 ed 87 0f 4e b3 1f 3e 3c cd 7e f4 c8 0c fb c9 63 33 ed 2d f9 4f 1f 9f 6d 3f 7b 62 96 fd ec 49 a5 f2 7f 7b 66 9e bd fd dc 7c fb e5 37 16 d8 2f 5f 58 68 bf 7c 7e 81 bd f3 e2 42 2b fb e6 22 fb d5 cb 8b ed d7 af 2c 71 ff cd b7 97 d9 ef 5f 5b 6e bf 7f 7d b9 fd e1 bb 2b ec 8f 6f ac b4 3f be b9 d2 fe f3 7b ab ec 7f 7e b8 c6 fe e7 47 6b cc 7e b4 d6 ec ad 75 66 3f 29 32 fb 69 b1 d9 bf ae 0f fe 33 4d ff 7c 83 d9 db 1b cd 7e b9 d9 ec df b7 94 fb af e4 ff b1 d5 ec d7 db 82 ff a6
                                                                                                                                                                                        Data Ascii: RDTL26b~qD{X{({/2^mz8q|v{SN><~c3-Om?{bI{f|7/_Xh|~B+",q_[n}+o?{~Gk~uf?)2i3M|~
                                                                                                                                                                                        2024-03-07 05:28:23 UTC16384INData Raw: a3 2f b3 b3 c0 ea 5e f0 a5 77 6e 2b bc de d6 4c 68 6d 7c ff 02 45 4a 3c 98 7f 07 01 ce a4 78 88 17 87 4f 6c 52 89 fc 55 68 b9 7f 68 86 69 6d c7 90 35 00 9c 5e 14 f0 3c 07 2f 61 09 e0 1b 94 2e b0 05 d6 80 18 9f 3f 88 bf 9f 97 22 16 7c 59 c6 87 d0 f9 fb 27 f2 48 17 08 cc 8b 87 37 b6 25 52 f3 8b 87 91 36 b6 0d 33 2f b5 47 6e 9f 6a 8f dc 36 c5 1e 3e 36 59 a9 5c e9 a3 72 be 05 ec df 03 be ad fc 7b 0e 4f de 3e d9 7e fc 3a 6f a6 ed b3 a7 8e 4f 96 4f f1 f4 69 c1 e9 99 bb a6 c5 6f 18 a3 1e 89 b1 ee d7 fc ad b6 73 9e 54 b6 c0 cd f8 e5 3f fc 16 f0 6d f3 7f 28 d9 2a e5 c9 50 34 60 ee 63 85 47 36 f0 d1 1b 28 ee 30 7a a2 be 3d 76 13 1f 29 d2 23 3d 50 fe 6e a1 6d 22 14 21 b8 96 10 56 98 d6 dc b6 4e 6f e5 b0 2c 9d dd d6 b6 cd be c8 4a 66 5d 64 7b a5 54 8f 49 a9 1f dd d2
                                                                                                                                                                                        Data Ascii: /^wn+Lhm|EJ<xOlRUhhim5^</a.?"|Y'H7%R63/Gnj6>6Y\r{O>~:oOOiosT?m(*P4`cG6(0z=v)#=Pnm"!VNo,Jf]d{TI
                                                                                                                                                                                        2024-03-07 05:28:23 UTC12181INData Raw: 82 c9 b7 10 aa 60 05 0f 23 2b 9c b3 80 2d 77 4c 7d f1 89 66 ef d0 c3 c4 5d 00 32 c7 31 97 21 08 ab 0e e3 88 99 b4 de 18 01 d9 dd b3 cf 97 dc 13 8c 86 f6 03 ec 18 ca 67 f6 4d 48 6e 1e 49 d2 9d 91 ba 7d f5 bf df 3e b5 77 9c e5 e1 94 55 a9 a9 bc b8 65 60 4c 1e bb 63 2a 3a 31 3b 2a 7d ec 88 c3 30 31 ac fd 4c d7 71 34 96 4d 72 2a ee 62 88 f1 29 67 08 e9 b3 e0 38 e7 39 ac e0 c0 c5 30 01 18 6e bd f6 50 85 1a 9f 03 d9 63 88 6a 9c 92 af 5d a6 d1 aa 11 7b 43 16 6c 01 2d 90 8d 43 17 9d 8a d6 b6 aa 1c c0 1c 41 d9 1b 7d 34 19 e8 60 66 09 56 98 5c da 2f 48 e7 69 df c1 55 3d ac b5 60 a6 fd e0 c3 6a bb f5 44 b6 b5 ec 19 67 65 6b ee b3 8a b5 f7 5b c5 ba 07 ec 71 81 eb 3b 82 f3 d7 9f db 67 5f 73 e5 aa 1c f4 9b 5f b7 0a 6e 8d 52 8b fd fc 93 7a c1 79 9f bd f7 22 da ef ab 33
                                                                                                                                                                                        Data Ascii: `#+-wL}f]21!gMHnI}>wUe`Lc*:1;*}01Lq4Mr*b)g890nPcj]{Cl-CA}4`fV\/HiU=`jDgek[q;g_s_nRzy"3


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                        8192.168.2.749719183.131.158.1084431340C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                        2024-03-07 05:28:24 UTC324OUTGET /page/microend/jz/images/name_i.png HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Referer: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&
                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/7.0)
                                                                                                                                                                                        Host: yx.3dmgame.com
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        2024-03-07 05:28:25 UTC300INHTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Thu, 07 Mar 2024 05:28:25 GMT
                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                        Content-Length: 1847
                                                                                                                                                                                        Last-Modified: Mon, 10 Jan 2022 10:01:33 GMT
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        ETag: "61dc03fd-737"
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                        2024-03-07 05:28:25 UTC1847INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 12 00 00 00 13 08 06 00 00 00 9d 92 5d f2 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 71 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 35 2d 63 30 31 34 20 37 39 2e 31 35 31 34 38 31 2c 20 32 30 31 33 2f 30 33 2f 31 33 2d 31 32 3a 30 39 3a 31 35 20 20
                                                                                                                                                                                        Data Ascii: PNGIHDR]tEXtSoftwareAdobe ImageReadyqe<qiTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                        9192.168.2.749720183.131.158.1084431340C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                        2024-03-07 05:28:26 UTC327OUTGET /page/microend/jz/images/third_btn.png HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Referer: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&
                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/7.0)
                                                                                                                                                                                        Host: yx.3dmgame.com
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        2024-03-07 05:28:26 UTC300INHTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Thu, 07 Mar 2024 05:28:26 GMT
                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                        Content-Length: 3713
                                                                                                                                                                                        Last-Modified: Mon, 10 Jan 2022 10:01:33 GMT
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        ETag: "61dc03fd-e81"
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                        2024-03-07 05:28:26 UTC3713INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 7a 00 00 00 1c 08 06 00 00 00 ae f4 ab a3 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 71 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 35 2d 63 30 31 34 20 37 39 2e 31 35 31 34 38 31 2c 20 32 30 31 33 2f 30 33 2f 31 33 2d 31 32 3a 30 39 3a 31 35 20 20
                                                                                                                                                                                        Data Ascii: PNGIHDRztEXtSoftwareAdobe ImageReadyqe<qiTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                        10192.168.2.749721183.131.158.1084431340C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                        2024-03-07 05:28:27 UTC325OUTGET /page/microend/jz/images/lihover.png HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Referer: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&
                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/7.0)
                                                                                                                                                                                        Host: yx.3dmgame.com
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        2024-03-07 05:28:27 UTC301INHTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Thu, 07 Mar 2024 05:28:27 GMT
                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                        Content-Length: 5601
                                                                                                                                                                                        Last-Modified: Mon, 10 Jan 2022 10:01:33 GMT
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        ETag: "61dc03fd-15e1"
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                        2024-03-07 05:28:27 UTC5601INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 77 00 00 00 2c 08 06 00 00 00 5f 70 27 be 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 71 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 35 2d 63 30 31 34 20 37 39 2e 31 35 31 34 38 31 2c 20 32 30 31 33 2f 30 33 2f 31 33 2d 31 32 3a 30 39 3a 31 35 20 20
                                                                                                                                                                                        Data Ascii: PNGIHDRw,_p'tEXtSoftwareAdobe ImageReadyqe<qiTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                        11192.168.2.749724183.131.158.1084431340C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                        2024-03-07 05:28:27 UTC321OUTGET /page/microend/jz/images/img.png HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Referer: https://yx.3dmgame.com/yy/jz/microend?mytime=1709789293&ver=3&
                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/7.0)
                                                                                                                                                                                        Host: yx.3dmgame.com
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        2024-03-07 05:28:28 UTC303INHTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Thu, 07 Mar 2024 05:28:28 GMT
                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                        Content-Length: 94326
                                                                                                                                                                                        Last-Modified: Mon, 10 Jan 2022 10:01:33 GMT
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        ETag: "61dc03fd-17076"
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                        2024-03-07 05:28:28 UTC16081INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 14 00 00 00 b2 08 02 00 00 00 0c 20 a7 69 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 71 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 35 2d 63 30 31 34 20 37 39 2e 31 35 31 34 38 31 2c 20 32 30 31 33 2f 30 33 2f 31 33 2d 31 32 3a 30 39 3a 31 35 20 20
                                                                                                                                                                                        Data Ascii: PNGIHDR itEXtSoftwareAdobe ImageReadyqe<qiTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15
                                                                                                                                                                                        2024-03-07 05:28:28 UTC16384INData Raw: a9 44 21 e6 71 ba b9 b9 7a f5 d9 2d 80 28 33 7d 81 ab 6a c7 70 78 75 6d bd 26 48 c9 29 d4 90 2e 1d b7 89 05 36 6d b3 09 b5 e9 e0 1f da 59 b0 d3 e2 d4 95 b0 c3 e8 5c b3 0d 6d 17 2b 42 84 6a bd 1f c5 06 d5 30 82 2a 03 59 c2 e1 12 42 a6 b0 09 63 2c 49 59 64 29 a8 7f 24 86 35 7f 81 dd 8f 46 b3 e3 62 95 e2 cf 8e b2 12 84 61 70 21 44 0b 9b 74 8f f4 2c a3 c2 13 65 c8 c4 f6 37 02 98 4a 7f f0 5d 02 68 12 56 ad 92 ef 57 75 4d ee 26 08 20 59 45 9e bf ce 38 d9 be 9c 90 39 94 69 df e5 b6 3e a4 e9 f1 c3 db bb 6f be 7a fb f5 ef be ff f6 eb ef bf fe ed 37 ef df 7e 5c d2 fa c9 f3 2b 20 b4 77 1f 3e e2 ad bb e0 0f 5d 7c 76 b5 b3 b9 6e 6c b2 9e 98 d1 9f 4f a7 ee d8 dd 7f 38 fd f3 ff f7 af 7f f9 3f ff 55 ba bc 9f 67 9e 25 83 c0 9b a6 f5 f1 fe f1 ea 6a d8 0f 3d 45 21 09 d4 a9
                                                                                                                                                                                        Data Ascii: D!qz-(3}jpxum&H).6mY\m+Bj0*YBc,IYd)$5Fbap!Dt,e7J]hVWuM& YE89i>oz7~\+ w>]|vnlO8?Ug%j=E!
                                                                                                                                                                                        2024-03-07 05:28:29 UTC16384INData Raw: c6 f5 37 9c ad a7 e4 be 85 43 50 7b 61 9b 03 36 44 60 9f 53 45 2c ab 9b 1b 5f 7f 7b 62 57 39 9f 37 29 ca 48 90 f4 31 64 45 f4 82 8a a8 3c 41 be e7 ab e2 c6 d1 08 fb 4c e9 86 2e 3e 16 be 53 42 17 1c 8d 0e 4a 71 a0 39 42 49 01 ff a6 ed 8b ca 3d 2f ba 39 90 3e b1 d3 1d df 35 da db dd d5 33 73 0e 1d be 5c df 60 76 6a 7c 74 7a ba d5 30 25 bf 91 ef 53 7a 87 66 55 29 28 d4 1a b9 19 7d 93 23 7b 36 af 58 9e 33 94 45 87 1d e7 4d ec f2 9c 30 2f 87 4e a3 0e 41 3b b7 01 f0 ab aa 03 c9 19 b9 b0 b7 f6 20 d1 d7 3d 7b 41 df 82 45 11 78 9a 2a 26 37 ac 3e ec bb 81 ea c5 90 e2 50 14 d7 c5 40 c5 19 2f 3b d5 f1 42 0a b6 cf 29 cd ac d4 1a 74 2c cd b4 a5 1b 70 81 b2 2c 5d d7 0b 71 23 57 d9 ba e7 ed 27 5e ce 94 b2 f4 4b 8b 5d d9 e2 11 e7 3d f7 a3 f5 d9 68 b4 6f 70 9e 61 e6 9a 7e
                                                                                                                                                                                        Data Ascii: 7CP{a6D`SE,_{bW97)H1dE<AL.>SBJq9BI=/9>53s\`vj|tz0%SzfU)(}#{6X3EM0/NA; ={AEx*&7>P@/;B)t,p,]q#W'^K]=hopa~
                                                                                                                                                                                        2024-03-07 05:28:29 UTC16384INData Raw: 34 80 e3 2e 62 9a 29 9e 3f 52 a0 eb 2a 74 76 93 a0 67 80 06 81 50 21 b0 c7 da f2 a6 49 08 5a f1 3d 57 92 55 43 c1 c8 3b a1 49 42 99 86 6d 2a 8e 1e cb 06 e1 44 fa f9 11 3d 2d 43 4a 0d b9 a8 4a b1 87 9e 8f 92 c2 6a 89 b6 52 43 6d ab 99 99 84 ba 42 41 25 8b bc d1 b0 a2 29 53 73 fb 73 c0 2a 0a 0a 04 07 2c 0a 87 e1 38 08 43 be bb cc 73 d7 f3 86 7e e8 30 4c 50 60 04 9d 0c 46 ee ce 89 a6 5d 64 83 ca 82 eb 0e fa c3 8d 2c 2a 08 63 45 21 fd 3f 02 36 c2 1b f4 9d 5a 33 83 17 bd 9f c3 85 1a 7c d0 d8 0d fc b1 1b 12 2e 89 38 21 44 d1 68 d8 a7 d2 9f 1b 9b 74 be e2 f3 ae bc 74 ff b5 d7 d5 db 93 14 d0 d7 97 56 56 ef 79 34 0e e3 ac 52 50 59 87 30 a1 69 5e 12 9f 3e b6 b4 fb 82 ad bd 8d 71 af ef 4e b7 ab 68 c8 a7 ae a4 ee 68 6d bd 61 ed a5 6f ce cd 4f ef de b3 7b a3 d7 61 e7
                                                                                                                                                                                        Data Ascii: 4.b)?R*tvgP!IZ=WUC;IBm*D=-CJJjRCmBA%)Sss*,8Cs~0LP`F]d,*cE!?6Z3|.8!DhttVVy4RPY0i^>qNhhmaoO{a
                                                                                                                                                                                        2024-03-07 05:28:30 UTC16384INData Raw: c5 9d cd d0 4f ad 3d 75 f8 fa c2 10 0b 8c ef af fe 60 55 36 d5 44 70 13 07 d0 0a d5 53 cc 62 27 60 cc 7a 21 fb 15 62 bd e1 0c 67 b0 3d 1f b2 39 c8 18 08 3f 4a 19 7c a8 68 4f 41 6b e7 f1 34 d0 cd e9 dd 16 19 7b e1 09 36 8d e5 2b 37 6e 20 14 31 fd b4 58 a6 3c 4e 5b 3e 06 d3 08 46 d6 8a 58 ed 4a c7 9e a3 2f 4d 78 66 1c 94 1b 7a 48 63 2f a5 87 8f a6 a8 2c 87 a1 f1 33 d7 e6 e9 b0 01 c4 12 04 b6 55 c4 89 1a 06 6a a5 62 eb 9a b1 de 33 5c d7 dd 36 97 4c ed d8 46 05 37 52 20 c1 35 aa 57 e2 20 4f c2 34 0a b3 04 35 c2 d0 f5 18 b7 e7 ec 5d 23 ab 50 b5 a4 17 d4 a1 97 9a 95 17 73 d9 60 8c 11 8c 99 99 1d 0d 50 6c 14 ee 83 ab 59 12 60 7b 10 06 92 e8 d4 57 69 77 4e 4f ed 3a f4 e4 dd a7 4e bd 30 0b af 1b 67 a3 1b c4 6e d7 34 ab 45 ee 4b b2 29 4f de 30 37 53 bf 6c f2 84 88
                                                                                                                                                                                        Data Ascii: O=u`U6DpSb'`z!bg=9?J|hOAk4{6+7n 1X<N[>FXJ/MxfzHc/,3Ujb3\6LF7R 5W O45]#Ps`PlY`{WiwNO:N0gn4EK)O07Sl
                                                                                                                                                                                        2024-03-07 05:28:30 UTC12709INData Raw: 28 59 1d 30 74 98 85 8a bb 48 9d 87 d5 4b e2 08 8f 9a 47 da 15 c3 b4 f8 96 c2 4f d9 61 e2 14 88 b8 35 b6 1b 60 3f 71 1d ab 51 03 56 64 46 99 d1 61 8e 2b ca cf 63 b3 c1 49 8d 2b 7f 12 c2 34 4d 63 bc 6f 59 a4 71 32 ab f4 ce fb 2e 9a a7 ea dd 17 5e bd 15 e7 52 74 9e 36 25 35 eb 31 fd c8 76 c7 35 65 9d a7 d1 6c 56 5f bd 3e dd dd 4f a8 f9 6c b7 8d 7e cf a2 52 19 4d 96 74 00 46 aa f3 93 a5 61 c3 dd 52 d8 01 ee 6d 11 1f 3a ae e1 b9 2d cc 3f 4b 3c 04 df 75 37 36 86 55 63 1d 1e 5c 8b c3 93 a0 7d 99 a5 c5 f5 bd fd a9 2d 6e 7f ff f7 3c 71 f1 fc 15 aa 1a 26 e3 e9 d1 f1 b4 e5 62 51 76 ff 28 ea 78 9c 06 0a b4 16 6a a6 0f 27 7b 8a a7 39 34 04 98 1d 55 c1 57 45 da 37 ee dc db ee 55 f3 65 1e 78 e6 cd e3 7a ba 10 fd c1 06 f5 8a 07 e3 fc fe ee f8 78 6f 24 9a e8 dc f9 9d 53
                                                                                                                                                                                        Data Ascii: (Y0tHKGOa5`?qQVdFa+cI+4McoYq2.^Rt6%51v5elV_>Ol~RMtFaRm:-?K<u76Uc\}-n<q&bQv(xj'{94UWE7Uexzxo$S


                                                                                                                                                                                        Statistics

                                                                                                                                                                                        CPU Usage

                                                                                                                                                                                        Click to jump to process

                                                                                                                                                                                        Memory Usage

                                                                                                                                                                                        Click to jump to process

                                                                                                                                                                                        High Level Behavior Distribution

                                                                                                                                                                                        Click to dive into process behavior distribution

                                                                                                                                                                                        Behavior

                                                                                                                                                                                        Click to jump to process

                                                                                                                                                                                        System Behavior

                                                                                                                                                                                        General

                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                        Start time:06:28:11
                                                                                                                                                                                        Start date:07/03/2024
                                                                                                                                                                                        Path:C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe
                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                        Commandline:C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe
                                                                                                                                                                                        Imagebase:0x670000
                                                                                                                                                                                        File size:23'828'992 bytes
                                                                                                                                                                                        MD5 hash:BFC65CE21E22544286826E26A5EC45EF
                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                        General

                                                                                                                                                                                        Target ID:2
                                                                                                                                                                                        Start time:06:28:12
                                                                                                                                                                                        Start date:07/03/2024
                                                                                                                                                                                        Path:C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                        Commandline:C:\Users\user\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
                                                                                                                                                                                        Imagebase:0x6c0000
                                                                                                                                                                                        File size:23'828'992 bytes
                                                                                                                                                                                        MD5 hash:BFC65CE21E22544286826E26A5EC45EF
                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                        • Detection: 5%, ReversingLabs
                                                                                                                                                                                        • Detection: 3%, Virustotal, Browse
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                        Disassembly

                                                                                                                                                                                        Reset < >

                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                          Execution Coverage:15.6%
                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                          Signature Coverage:7.4%
                                                                                                                                                                                          Total number of Nodes:689
                                                                                                                                                                                          Total number of Limit Nodes:15
                                                                                                                                                                                          execution_graph 6076 718f12 6077 718fc5 6076->6077 6078 718f24 6076->6078 6079 71cc96 _malloc 6 API calls 6077->6079 6084 718fbd 6078->6084 6086 718f81 RtlAllocateHeap 6078->6086 6088 718f35 6078->6088 6089 718fb1 6078->6089 6092 718fb6 6078->6092 6140 718ec3 6078->6140 6148 71cc96 6078->6148 6080 718fcb 6079->6080 6081 71eb48 __fileno 66 API calls 6080->6081 6081->6084 6086->6078 6088->6078 6094 7235e3 6088->6094 6103 723438 6088->6103 6137 71b4ea 6088->6137 6151 71eb48 6089->6151 6093 71eb48 __fileno 66 API calls 6092->6093 6093->6084 6154 72edad 6094->6154 6097 7235f7 6099 723438 __NMSG_WRITE 67 API calls 6097->6099 6101 723619 6097->6101 6098 72edad __set_error_mode 67 API calls 6098->6097 6100 72360f 6099->6100 6102 723438 __NMSG_WRITE 67 API calls 6100->6102 6101->6088 6102->6101 6104 72344c 6103->6104 6105 72edad __set_error_mode 64 API calls 6104->6105 6136 7235a7 6104->6136 6106 72346e 6105->6106 6107 7235ac GetStdHandle 6106->6107 6109 72edad __set_error_mode 64 API calls 6106->6109 6108 7235ba _strlen 6107->6108 6107->6136 6112 7235d3 WriteFile 6108->6112 6108->6136 6110 72347f 6109->6110 6110->6107 6111 723491 6110->6111 6111->6136 6177 721601 6111->6177 6112->6136 6115 7234c7 GetModuleFileNameA 6117 7234e5 6115->6117 6122 723508 _strlen 6115->6122 6119 721601 _strcpy_s 64 API calls 6117->6119 6120 7234f5 6119->6120 6120->6122 6123 718913 __invoke_watson 10 API calls 6120->6123 6121 72354b 6202 72b8fb 6121->6202 6122->6121 6193 71bdcb 6122->6193 6123->6122 6127 72356f 6130 72b8fb _strcat_s 64 API calls 6127->6130 6129 718913 __invoke_watson 10 API calls 6129->6127 6131 723583 6130->6131 6133 718913 __invoke_watson 10 API calls 6131->6133 6135 723594 6131->6135 6132 718913 __invoke_watson 10 API calls 6132->6121 6133->6135 6211 72ec44 6135->6211 6136->6088 6262 71b4bf GetModuleHandleW 6137->6262 6141 718ecf __msize 6140->6141 6142 718f00 __msize 6141->6142 6265 721815 6141->6265 6142->6078 6144 718ee5 6272 722027 6144->6272 6149 720283 __decode_pointer 6 API calls 6148->6149 6150 71cca6 6149->6150 6150->6078 6386 720493 GetLastError 6151->6386 6153 71eb4d 6153->6092 6155 72edbc 6154->6155 6156 71eb48 __fileno 67 API calls 6155->6156 6157 7235ea 6155->6157 6158 72eddf 6156->6158 6157->6097 6157->6098 6160 718a3b 6158->6160 6163 720283 TlsGetValue 6160->6163 6162 718a4b __invoke_watson 6164 72029b 6163->6164 6165 7202bc GetModuleHandleW 6163->6165 6164->6165 6168 7202a5 TlsGetValue 6164->6168 6166 7202d7 GetProcAddress 6165->6166 6167 7202cc 6165->6167 6172 7202b4 6166->6172 6173 71b466 6167->6173 6171 7202b0 6168->6171 6171->6165 6171->6172 6172->6162 6174 71b471 Sleep GetModuleHandleW 6173->6174 6175 71b493 6174->6175 6176 71b48f 6174->6176 6175->6166 6175->6172 6176->6174 6176->6175 6178 721612 6177->6178 6179 721619 6177->6179 6178->6179 6182 72163f 6178->6182 6180 71eb48 __fileno 67 API calls 6179->6180 6181 72161e 6180->6181 6183 718a3b __fileno 6 API calls 6181->6183 6184 72162d 6182->6184 6185 71eb48 __fileno 67 API calls 6182->6185 6183->6184 6184->6115 6186 718913 6184->6186 6185->6181 6238 71c450 6186->6238 6188 718940 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 6189 718a10 __invoke_watson 6188->6189 6190 718a1c GetCurrentProcess TerminateProcess 6188->6190 6189->6190 6240 71791b 6190->6240 6192 718a39 6192->6115 6198 71bddd 6193->6198 6194 71bde1 6195 71eb48 __fileno 67 API calls 6194->6195 6196 71bde6 6194->6196 6197 71bdfd 6195->6197 6196->6121 6196->6132 6199 718a3b __fileno 6 API calls 6197->6199 6198->6194 6198->6196 6200 71be27 6198->6200 6199->6196 6200->6196 6201 71eb48 __fileno 67 API calls 6200->6201 6201->6197 6203 72b913 6202->6203 6206 72b90c 6202->6206 6204 71eb48 __fileno 67 API calls 6203->6204 6205 72b918 6204->6205 6207 718a3b __fileno 6 API calls 6205->6207 6206->6203 6209 72b947 6206->6209 6208 72355e 6207->6208 6208->6127 6208->6129 6209->6208 6210 71eb48 __fileno 67 API calls 6209->6210 6210->6205 6249 72027a 6211->6249 6214 72ec67 LoadLibraryA 6216 72ed91 6214->6216 6217 72ec7c GetProcAddress 6214->6217 6215 72ecef 6220 720283 __decode_pointer 6 API calls 6215->6220 6234 72ed19 6215->6234 6216->6136 6217->6216 6218 72ec92 6217->6218 6252 720208 TlsGetValue 6218->6252 6219 72ed44 6222 720283 __decode_pointer 6 API calls 6219->6222 6224 72ed0c 6220->6224 6222->6216 6223 720283 __decode_pointer 6 API calls 6231 72ed5c 6223->6231 6226 720283 __decode_pointer 6 API calls 6224->6226 6226->6234 6227 720208 __encode_pointer 6 API calls 6228 72ecad GetProcAddress 6227->6228 6229 720208 __encode_pointer 6 API calls 6228->6229 6230 72ecc2 GetProcAddress 6229->6230 6232 720208 __encode_pointer 6 API calls 6230->6232 6231->6219 6233 720283 __decode_pointer 6 API calls 6231->6233 6235 72ecd7 6232->6235 6233->6219 6234->6219 6234->6223 6235->6215 6236 72ece1 GetProcAddress 6235->6236 6237 720208 __encode_pointer 6 API calls 6236->6237 6237->6215 6239 71c45c __VEC_memzero 6238->6239 6239->6188 6241 717923 6240->6241 6242 717925 IsDebuggerPresent 6240->6242 6241->6192 6248 7232b9 6242->6248 6245 71faec SetUnhandledExceptionFilter UnhandledExceptionFilter 6246 71fb11 GetCurrentProcess TerminateProcess 6245->6246 6247 71fb09 __invoke_watson 6245->6247 6246->6192 6247->6246 6248->6245 6250 720208 __encode_pointer 6 API calls 6249->6250 6251 720281 6250->6251 6251->6214 6251->6215 6253 720220 6252->6253 6254 720241 GetModuleHandleW 6252->6254 6253->6254 6257 72022a TlsGetValue 6253->6257 6255 720251 6254->6255 6256 72025c GetProcAddress 6254->6256 6258 71b466 __crt_waiting_on_module_handle 2 API calls 6255->6258 6259 720239 GetProcAddress 6256->6259 6261 720235 6257->6261 6260 720257 6258->6260 6259->6227 6260->6256 6260->6259 6261->6254 6261->6259 6263 71b4d3 GetProcAddress 6262->6263 6264 71b4e3 ExitProcess 6262->6264 6263->6264 6266 72182a 6265->6266 6267 72183d EnterCriticalSection 6265->6267 6281 721752 6266->6281 6267->6144 6269 721830 6269->6267 6307 71b496 6269->6307 6274 722055 6272->6274 6273 7220ee 6276 718ef0 6273->6276 6381 721c3e 6273->6381 6274->6273 6274->6276 6374 721b8e 6274->6374 6278 718f09 6276->6278 6385 72173b LeaveCriticalSection 6278->6385 6280 718f10 6280->6142 6282 72175e __msize 6281->6282 6283 721784 6282->6283 6284 7235e3 __FF_MSGBANNER 67 API calls 6282->6284 6292 721794 __msize 6283->6292 6314 71e9d5 6283->6314 6286 721773 6284->6286 6288 723438 __NMSG_WRITE 67 API calls 6286->6288 6287 72179f 6290 7217a6 6287->6290 6291 7217b5 6287->6291 6289 72177a 6288->6289 6293 71b4ea __mtinitlocknum 3 API calls 6289->6293 6294 71eb48 __fileno 67 API calls 6290->6294 6295 721815 __lock 67 API calls 6291->6295 6292->6269 6293->6283 6294->6292 6296 7217bc 6295->6296 6297 7217f0 6296->6297 6298 7217c4 6296->6298 6299 717db4 __threadstartex@4 67 API calls 6297->6299 6319 72a62e 6298->6319 6302 7217e1 6299->6302 6301 7217cf 6301->6302 6323 717db4 6301->6323 6336 72180c 6302->6336 6305 7217db 6306 71eb48 __fileno 67 API calls 6305->6306 6306->6302 6308 7235e3 __FF_MSGBANNER 67 API calls 6307->6308 6309 71b4a0 6308->6309 6310 723438 __NMSG_WRITE 67 API calls 6309->6310 6311 71b4a8 6310->6311 6312 720283 __decode_pointer 6 API calls 6311->6312 6313 71b4b3 6312->6313 6313->6267 6318 71e9de 6314->6318 6316 71ea14 6316->6287 6317 71e9f5 Sleep 6317->6318 6318->6316 6318->6317 6339 718f12 6318->6339 6357 71c4cc 6319->6357 6321 72a63a InitializeCriticalSectionAndSpinCount 6322 72a67e __msize 6321->6322 6322->6301 6325 717dc0 __msize 6323->6325 6324 717e39 __dosmaperr __msize 6324->6305 6325->6324 6326 721815 __lock 65 API calls 6325->6326 6335 717dff 6325->6335 6332 717dd7 ___sbh_find_block 6326->6332 6327 717e14 HeapFree 6327->6324 6328 717e26 6327->6328 6329 71eb48 __fileno 65 API calls 6328->6329 6330 717e2b GetLastError 6329->6330 6330->6324 6331 717df1 6365 717e0a 6331->6365 6332->6331 6358 721878 6332->6358 6335->6324 6335->6327 6373 72173b LeaveCriticalSection 6336->6373 6338 721813 6338->6292 6340 718fc5 6339->6340 6341 718f24 6339->6341 6342 71cc96 _malloc 6 API calls 6340->6342 6347 718fbd 6341->6347 6348 718ec3 _malloc 66 API calls 6341->6348 6349 718f81 RtlAllocateHeap 6341->6349 6351 718f35 6341->6351 6352 718fb1 6341->6352 6353 71cc96 _malloc 6 API calls 6341->6353 6355 718fb6 6341->6355 6343 718fcb 6342->6343 6344 71eb48 __fileno 66 API calls 6343->6344 6344->6347 6345 7235e3 __FF_MSGBANNER 66 API calls 6345->6351 6346 723438 __NMSG_WRITE 66 API calls 6346->6351 6347->6318 6348->6341 6349->6341 6350 71b4ea __mtinitlocknum 3 API calls 6350->6351 6351->6341 6351->6345 6351->6346 6351->6350 6354 71eb48 __fileno 66 API calls 6352->6354 6353->6341 6354->6355 6356 71eb48 __fileno 66 API calls 6355->6356 6356->6347 6357->6321 6359 7218b7 6358->6359 6364 721b59 6358->6364 6360 721aa3 VirtualFree 6359->6360 6359->6364 6361 721b07 6360->6361 6362 721b16 VirtualFree HeapFree 6361->6362 6361->6364 6368 71a210 6362->6368 6364->6331 6372 72173b LeaveCriticalSection 6365->6372 6367 717e11 6367->6335 6369 71a228 6368->6369 6370 71a24f __VEC_memcpy 6369->6370 6371 71a257 6369->6371 6370->6371 6371->6364 6372->6367 6373->6338 6375 721ba1 HeapReAlloc 6374->6375 6376 721bd5 HeapAlloc 6374->6376 6377 721bc3 6375->6377 6378 721bbf 6375->6378 6376->6378 6379 721bf8 VirtualAlloc 6376->6379 6377->6376 6378->6273 6379->6378 6380 721c12 HeapFree 6379->6380 6380->6378 6382 721c55 VirtualAlloc 6381->6382 6384 721c9c 6382->6384 6384->6276 6385->6280 6401 72031e TlsGetValue 6386->6401 6389 720500 SetLastError 6389->6153 6392 7204c6 6393 720283 __decode_pointer 6 API calls 6392->6393 6394 7204d8 6393->6394 6395 7204f7 6394->6395 6396 7204df 6394->6396 6398 717db4 __threadstartex@4 64 API calls 6395->6398 6412 7203ac 6396->6412 6400 7204fd 6398->6400 6399 7204e7 GetCurrentThreadId 6399->6389 6400->6389 6402 720333 6401->6402 6403 72034e 6401->6403 6404 720283 __decode_pointer 6 API calls 6402->6404 6403->6389 6406 71ea1a 6403->6406 6405 72033e TlsSetValue 6404->6405 6405->6403 6409 71ea23 6406->6409 6408 71ea60 6408->6389 6408->6392 6409->6408 6410 71ea41 Sleep 6409->6410 6431 72230c 6409->6431 6411 71ea56 6410->6411 6411->6408 6411->6409 6448 71c4cc 6412->6448 6414 7203b8 GetModuleHandleW 6415 7203c8 6414->6415 6416 7203cf 6414->6416 6417 71b466 __crt_waiting_on_module_handle 2 API calls 6415->6417 6418 7203e6 GetProcAddress GetProcAddress 6416->6418 6419 72040a 6416->6419 6420 7203ce 6417->6420 6418->6419 6421 721815 __lock 63 API calls 6419->6421 6420->6416 6422 720429 InterlockedIncrement 6421->6422 6449 720481 6422->6449 6425 721815 __lock 63 API calls 6426 72044a 6425->6426 6452 71cf3f InterlockedIncrement 6426->6452 6428 720468 6464 72048a 6428->6464 6430 720475 __msize 6430->6399 6432 722318 __msize 6431->6432 6433 722330 6432->6433 6443 72234f _memset 6432->6443 6434 71eb48 __fileno 66 API calls 6433->6434 6435 722335 6434->6435 6436 718a3b __fileno 6 API calls 6435->6436 6439 722345 __msize 6436->6439 6437 7223c1 HeapAlloc 6437->6443 6438 721815 __lock 66 API calls 6438->6443 6439->6409 6440 71cc96 _malloc 6 API calls 6440->6443 6441 722027 ___sbh_alloc_block 5 API calls 6441->6443 6443->6437 6443->6438 6443->6439 6443->6440 6443->6441 6444 722408 6443->6444 6447 72173b LeaveCriticalSection 6444->6447 6446 72240f 6446->6443 6447->6446 6448->6414 6467 72173b LeaveCriticalSection 6449->6467 6451 720443 6451->6425 6453 71cf60 6452->6453 6454 71cf5d InterlockedIncrement 6452->6454 6455 71cf6a InterlockedIncrement 6453->6455 6456 71cf6d 6453->6456 6454->6453 6455->6456 6457 71cf77 InterlockedIncrement 6456->6457 6458 71cf7a 6456->6458 6457->6458 6459 71cf84 InterlockedIncrement 6458->6459 6461 71cf87 6458->6461 6459->6461 6460 71cfa0 InterlockedIncrement 6460->6461 6461->6460 6462 71cfb0 InterlockedIncrement 6461->6462 6463 71cfbb InterlockedIncrement 6461->6463 6462->6461 6463->6428 6468 72173b LeaveCriticalSection 6464->6468 6466 720491 6466->6430 6467->6451 6468->6466 6469 6cadb8 6470 6cadda 6469->6470 6478 6ca439 6470->6478 6475 6cae27 GetMessageW 6476 6cae1d DispatchMessageW 6475->6476 6477 6cae34 6475->6477 6476->6475 6490 6caf87 6478->6490 6481 6f6533 6848 6ca3f4 6481->6848 6484 6f6548 SetLastError 6486 6cae08 6484->6486 6485 6f6554 6485->6486 6854 6ca340 6485->6854 6486->6475 6488 6f6566 CreateWindowExW 6488->6486 6491 6caf9c 6490->6491 6492 6ca44a 6490->6492 6491->6492 6493 6cafab EnterCriticalSection 6491->6493 6492->6481 6494 6cafca 6493->6494 6507 6cb0cd 6493->6507 6495 6cafd1 GetClassInfoExW 6494->6495 6496 6cb042 LoadCursorW 6494->6496 6498 6caffa GetClassInfoExW 6495->6498 6499 6cb021 6495->6499 6496->6499 6497 6c69be LeaveCriticalSection 6497->6492 6498->6499 6500 6cb00f 6498->6500 6501 6cb08a GetClassInfoExW 6499->6501 6511 718bf0 6499->6511 6508 6c69be 6500->6508 6504 6cb0b1 RegisterClassExW 6501->6504 6501->6507 6514 6cac7b 6504->6514 6507->6497 6509 6c69c7 LeaveCriticalSection 6508->6509 6510 6c69d3 6508->6510 6509->6510 6510->6492 6520 7182ca 6511->6520 6515 6cac86 6514->6515 6518 6cacbe 6514->6518 6516 6cac9d 6515->6516 6769 6c1000 6515->6769 6516->6518 6777 718ad2 6516->6777 6518->6507 6521 7182f4 6520->6521 6522 7182d7 6520->6522 6524 718301 6521->6524 6525 71830e 6521->6525 6523 71eb48 __fileno 67 API calls 6522->6523 6527 7182dc 6523->6527 6526 71eb48 __fileno 67 API calls 6524->6526 6535 7181d2 6525->6535 6528 718306 6526->6528 6530 718a3b __fileno 6 API calls 6527->6530 6532 718a3b __fileno 6 API calls 6528->6532 6533 6cb084 6530->6533 6532->6533 6533->6501 6534 71eb48 __fileno 67 API calls 6534->6528 6536 718202 6535->6536 6537 7181e2 6535->6537 6539 718232 6536->6539 6541 718212 6536->6541 6538 71eb48 __fileno 67 API calls 6537->6538 6540 7181e7 6538->6540 6546 7181f7 6539->6546 6547 718279 6539->6547 6550 720905 6539->6550 6542 718a3b __fileno 6 API calls 6540->6542 6543 71eb48 __fileno 67 API calls 6541->6543 6542->6546 6544 718217 6543->6544 6545 718a3b __fileno 6 API calls 6544->6545 6545->6546 6546->6533 6546->6534 6547->6546 6549 720905 __flsbuf 101 API calls 6547->6549 6549->6546 6571 725815 6550->6571 6553 720920 6556 71eb48 __fileno 67 API calls 6553->6556 6554 720937 6555 72093b 6554->6555 6558 720948 __flsbuf 6554->6558 6557 71eb48 __fileno 67 API calls 6555->6557 6564 720925 6556->6564 6557->6564 6558->6564 6567 72099e 6558->6567 6570 7209a9 6558->6570 6577 72e8e6 6558->6577 6559 720a38 6561 725f7a __locking 101 API calls 6559->6561 6560 7209b8 6562 7209cf 6560->6562 6566 7209ec 6560->6566 6561->6564 6589 725f7a 6562->6589 6564->6547 6566->6564 6614 72e7cd 6566->6614 6567->6570 6586 72a6aa 6567->6586 6570->6559 6570->6560 6572 725824 6571->6572 6574 720915 6571->6574 6573 71eb48 __fileno 67 API calls 6572->6573 6575 725829 6573->6575 6574->6553 6574->6554 6576 718a3b __fileno 6 API calls 6575->6576 6576->6574 6578 72e8f3 6577->6578 6580 72e902 6577->6580 6579 71eb48 __fileno 67 API calls 6578->6579 6581 72e8f8 6579->6581 6582 72e926 6580->6582 6583 71eb48 __fileno 67 API calls 6580->6583 6581->6567 6582->6567 6584 72e916 6583->6584 6585 718a3b __fileno 6 API calls 6584->6585 6585->6582 6587 71e9d5 __malloc_crt 67 API calls 6586->6587 6588 72a6bf 6587->6588 6588->6570 6590 725f86 __msize 6589->6590 6591 725f8e 6590->6591 6593 725fa9 6590->6593 6646 71eb5b 6591->6646 6592 725fb7 6595 71eb5b __lseeki64 67 API calls 6592->6595 6593->6592 6598 725ff8 6593->6598 6597 725fbc 6595->6597 6600 71eb48 __fileno 67 API calls 6597->6600 6649 723a4c 6598->6649 6599 71eb48 __fileno 67 API calls 6608 725f9b __msize 6599->6608 6602 725fc3 6600->6602 6604 718a3b __fileno 6 API calls 6602->6604 6603 725ffe 6605 726021 6603->6605 6606 72600b 6603->6606 6604->6608 6607 71eb48 __fileno 67 API calls 6605->6607 6659 725847 6606->6659 6610 726026 6607->6610 6608->6564 6612 71eb5b __lseeki64 67 API calls 6610->6612 6611 726019 6718 72604c 6611->6718 6612->6611 6615 72e7d9 __msize 6614->6615 6616 72e806 6615->6616 6617 72e7ea 6615->6617 6619 72e814 6616->6619 6622 72e835 6616->6622 6618 71eb5b __lseeki64 67 API calls 6617->6618 6621 72e7ef 6618->6621 6620 71eb5b __lseeki64 67 API calls 6619->6620 6623 72e819 6620->6623 6626 71eb48 __fileno 67 API calls 6621->6626 6624 72e855 6622->6624 6625 72e87b 6622->6625 6627 71eb48 __fileno 67 API calls 6623->6627 6628 71eb5b __lseeki64 67 API calls 6624->6628 6630 723a4c ___lock_fhandle 68 API calls 6625->6630 6629 72e7f7 __msize 6626->6629 6632 72e820 6627->6632 6633 72e85a 6628->6633 6629->6564 6631 72e881 6630->6631 6634 72e8aa 6631->6634 6635 72e88e 6631->6635 6636 718a3b __fileno 6 API calls 6632->6636 6637 71eb48 __fileno 67 API calls 6633->6637 6639 71eb48 __fileno 67 API calls 6634->6639 6638 72e748 __lseeki64_nolock 69 API calls 6635->6638 6636->6629 6640 72e861 6637->6640 6641 72e89f 6638->6641 6642 72e8af 6639->6642 6643 718a3b __fileno 6 API calls 6640->6643 6765 72e8dc 6641->6765 6644 71eb5b __lseeki64 67 API calls 6642->6644 6643->6629 6644->6641 6647 720493 __getptd_noexit 67 API calls 6646->6647 6648 71eb60 6647->6648 6648->6599 6650 723a58 __msize 6649->6650 6651 723ab3 6650->6651 6652 721815 __lock 67 API calls 6650->6652 6653 723ad5 __msize 6651->6653 6654 723ab8 EnterCriticalSection 6651->6654 6655 723a84 6652->6655 6653->6603 6654->6653 6656 723a9b 6655->6656 6657 72a62e __mtinitlocknum InitializeCriticalSectionAndSpinCount 6655->6657 6721 723ae3 6656->6721 6657->6656 6660 725856 __write_nolock 6659->6660 6661 725888 6660->6661 6662 7258af 6660->6662 6692 72587d 6660->6692 6664 71eb5b __lseeki64 67 API calls 6661->6664 6665 725917 6662->6665 6666 7258f1 6662->6666 6663 71791b __putwch_nolock 5 API calls 6667 725f78 6663->6667 6668 72588d 6664->6668 6670 72592b 6665->6670 6725 72e748 6665->6725 6669 71eb5b __lseeki64 67 API calls 6666->6669 6667->6611 6671 71eb48 __fileno 67 API calls 6668->6671 6673 7258f6 6669->6673 6672 72e8e6 __flsbuf 67 API calls 6670->6672 6675 725894 6671->6675 6677 725936 6672->6677 6678 71eb48 __fileno 67 API calls 6673->6678 6676 718a3b __fileno 6 API calls 6675->6676 6676->6692 6679 725bdc 6677->6679 6735 72050c 6677->6735 6680 7258ff 6678->6680 6682 725eab WriteFile 6679->6682 6683 725bec 6679->6683 6681 718a3b __fileno 6 API calls 6680->6681 6681->6692 6687 725bbe 6682->6687 6688 725ede GetLastError 6682->6688 6685 725cca 6683->6685 6708 725c00 6683->6708 6706 725daa 6685->6706 6710 725cd9 6685->6710 6689 725f29 6687->6689 6687->6692 6693 725efc 6687->6693 6688->6687 6689->6692 6694 71eb48 __fileno 67 API calls 6689->6694 6690 72597c 6690->6679 6691 72598e GetConsoleCP 6690->6691 6691->6687 6716 7259b1 6691->6716 6692->6663 6696 725f07 6693->6696 6697 725f1b 6693->6697 6699 725f4c 6694->6699 6695 725e10 WideCharToMultiByte 6695->6688 6702 725e47 WriteFile 6695->6702 6701 71eb48 __fileno 67 API calls 6696->6701 6743 71eb6e 6697->6743 6698 725c6e WriteFile 6698->6688 6698->6708 6700 71eb5b __lseeki64 67 API calls 6699->6700 6700->6692 6705 725f0c 6701->6705 6702->6706 6707 725e7e GetLastError 6702->6707 6703 725d4e WriteFile 6703->6688 6703->6710 6709 71eb5b __lseeki64 67 API calls 6705->6709 6706->6687 6706->6689 6706->6695 6706->6702 6707->6706 6708->6687 6708->6689 6708->6698 6709->6692 6710->6687 6710->6689 6710->6703 6712 72f157 11 API calls __putwch_nolock 6712->6716 6713 725a5d WideCharToMultiByte 6713->6687 6715 725a8e WriteFile 6713->6715 6714 72ebe8 79 API calls __fassign 6714->6716 6715->6688 6715->6716 6716->6687 6716->6688 6716->6712 6716->6713 6716->6714 6717 725ae2 WriteFile 6716->6717 6740 71b287 6716->6740 6717->6688 6717->6716 6764 723aec LeaveCriticalSection 6718->6764 6720 726054 6720->6608 6724 72173b LeaveCriticalSection 6721->6724 6723 723aea 6723->6651 6724->6723 6748 7239d5 6725->6748 6727 72e766 6728 72e76e 6727->6728 6729 72e77f SetFilePointer 6727->6729 6730 71eb48 __fileno 67 API calls 6728->6730 6731 72e797 GetLastError 6729->6731 6732 72e773 6729->6732 6730->6732 6731->6732 6733 72e7a1 6731->6733 6732->6670 6734 71eb6e __dosmaperr 67 API calls 6733->6734 6734->6732 6736 720493 __getptd_noexit 67 API calls 6735->6736 6737 720514 6736->6737 6738 720521 GetConsoleMode 6737->6738 6739 71b496 __amsg_exit 67 API calls 6737->6739 6738->6679 6738->6690 6739->6738 6761 71b24f 6740->6761 6744 71eb5b __lseeki64 67 API calls 6743->6744 6745 71eb79 __dosmaperr 6744->6745 6746 71eb48 __fileno 67 API calls 6745->6746 6747 71eb8c 6746->6747 6747->6692 6749 7239e2 6748->6749 6750 7239fa 6748->6750 6751 71eb5b __lseeki64 67 API calls 6749->6751 6752 71eb5b __lseeki64 67 API calls 6750->6752 6754 723a3f 6750->6754 6753 7239e7 6751->6753 6755 723a28 6752->6755 6756 71eb48 __fileno 67 API calls 6753->6756 6754->6727 6757 71eb48 __fileno 67 API calls 6755->6757 6758 7239ef 6756->6758 6759 723a2f 6757->6759 6758->6727 6760 718a3b __fileno 6 API calls 6759->6760 6760->6754 6762 717987 _LocaleUpdate::_LocaleUpdate 77 API calls 6761->6762 6763 71b262 6762->6763 6763->6716 6764->6720 6768 723aec LeaveCriticalSection 6765->6768 6767 72e8e4 6767->6629 6768->6767 6788 71c74b 6769->6788 6771 6c1017 GetLastError 6772 6c1022 6771->6772 6773 6c1000 RaiseException 6772->6773 6775 6c1032 6773->6775 6774 6c1067 6774->6516 6775->6774 6776 6c1000 RaiseException 6775->6776 6776->6775 6778 718ae1 6777->6778 6779 718b09 6777->6779 6778->6779 6781 718aed 6778->6781 6780 718b1e 6779->6780 6791 723216 6779->6791 6804 71bbb0 6780->6804 6784 71eb48 __fileno 67 API calls 6781->6784 6785 718af2 6784->6785 6786 718a3b __fileno 6 API calls 6785->6786 6787 718b02 _memset 6786->6787 6787->6518 6789 71c780 RaiseException 6788->6789 6790 71c774 6788->6790 6789->6771 6790->6789 6792 723222 __msize 6791->6792 6793 723232 6792->6793 6794 72324f 6792->6794 6795 71eb48 __fileno 67 API calls 6793->6795 6796 723290 HeapSize 6794->6796 6798 721815 __lock 67 API calls 6794->6798 6797 723237 6795->6797 6800 723247 __msize 6796->6800 6799 718a3b __fileno 6 API calls 6797->6799 6801 72325f ___sbh_find_block 6798->6801 6799->6800 6800->6780 6840 7232b0 6801->6840 6805 71bbbc __msize 6804->6805 6806 71bbd1 6805->6806 6807 71bbc3 6805->6807 6809 71bbe4 6806->6809 6810 71bbd8 6806->6810 6808 718f12 _malloc 67 API calls 6807->6808 6825 71bbcb __dosmaperr __msize 6808->6825 6817 71bd56 6809->6817 6838 71bbf1 ___sbh_resize_block ___sbh_find_block __recalloc 6809->6838 6811 717db4 __threadstartex@4 67 API calls 6810->6811 6811->6825 6812 71bd89 6813 71cc96 _malloc 6 API calls 6812->6813 6816 71bd8f 6813->6816 6814 721815 __lock 67 API calls 6814->6838 6815 71bd5b HeapReAlloc 6815->6817 6815->6825 6818 71eb48 __fileno 67 API calls 6816->6818 6817->6812 6817->6815 6819 71bdad 6817->6819 6820 71cc96 _malloc 6 API calls 6817->6820 6822 71bda3 6817->6822 6818->6825 6821 71eb48 __fileno 67 API calls 6819->6821 6819->6825 6820->6817 6823 71bdb6 GetLastError 6821->6823 6826 71eb48 __fileno 67 API calls 6822->6826 6823->6825 6825->6787 6828 71bd24 6826->6828 6827 71bc7c HeapAlloc 6827->6838 6828->6825 6830 71bd29 GetLastError 6828->6830 6829 71bcd1 HeapReAlloc 6829->6838 6830->6825 6831 722027 ___sbh_alloc_block 5 API calls 6831->6838 6832 71bd3c 6832->6825 6834 71eb48 __fileno 67 API calls 6832->6834 6833 71cc96 _malloc 6 API calls 6833->6838 6835 71bd49 6834->6835 6835->6823 6835->6825 6836 71bd1f 6837 71eb48 __fileno 67 API calls 6836->6837 6837->6828 6838->6812 6838->6814 6838->6825 6838->6827 6838->6829 6838->6831 6838->6832 6838->6833 6838->6836 6839 721878 __VEC_memcpy VirtualFree VirtualFree HeapFree ___sbh_free_block 6838->6839 6844 71bcf4 6838->6844 6839->6838 6843 72173b LeaveCriticalSection 6840->6843 6842 72328b 6842->6796 6842->6800 6843->6842 6847 72173b LeaveCriticalSection 6844->6847 6846 71bcfb 6846->6838 6847->6846 6849 6ca3fc 6848->6849 6850 6ca407 GetCurrentProcess FlushInstructionCache 6848->6850 6864 716c70 6849->6864 6852 6ca435 6850->6852 6852->6484 6852->6485 6853 6ca401 6853->6850 6853->6852 6855 6ca349 6854->6855 6856 6ca383 RaiseException EnterCriticalSection 6854->6856 6855->6856 6857 6ca34d GetCurrentThreadId EnterCriticalSection 6855->6857 6858 6ca3bb GetCurrentThreadId 6856->6858 6863 6ca3c3 6856->6863 6860 6c69be LeaveCriticalSection 6857->6860 6858->6863 6859 6c69be LeaveCriticalSection 6861 6ca3ee 6859->6861 6862 6ca381 6860->6862 6861->6488 6862->6488 6863->6859 6865 716bd0 6864->6865 6866 716be3 6865->6866 6867 716bda 6865->6867 6869 716c04 RtlInterlockedPopEntrySList 6866->6869 6870 716bed GetProcessHeap HeapAlloc 6866->6870 6880 716b09 IsProcessorFeaturePresent 6867->6880 6874 716c0f VirtualAlloc 6869->6874 6875 716c6b 6869->6875 6872 716c02 6870->6872 6873 716c26 6870->6873 6871 716bdf 6871->6866 6871->6873 6872->6853 6873->6853 6874->6873 6876 716c2a RtlInterlockedPopEntrySList 6874->6876 6875->6853 6877 716c4f 6876->6877 6878 716c3f VirtualFree 6876->6878 6879 716c57 RtlInterlockedPushEntrySList 6877->6879 6878->6875 6879->6875 6879->6879 6881 716b15 6880->6881 6882 716b1c LoadLibraryA 6880->6882 6881->6871 6883 716b52 6882->6883 6884 716b32 GetProcAddress GetProcAddress 6882->6884 6885 716bac 6883->6885 6886 716b74 GetProcessHeap HeapAlloc 6883->6886 6884->6883 6885->6871 6886->6885 6887 716b8e InterlockedCompareExchange 6886->6887 6887->6885 6888 716ba0 GetProcessHeap HeapFree 6887->6888 6888->6885

                                                                                                                                                                                          Executed Functions

                                                                                                                                                                                          Function 00716C70 Relevance: 10.6, APIs: 7, Instructions: 59memoryCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,0000000D,00000000,006CA401,00000000,006F6543,00000000,?,?,006CAE08,000000FD,?,00000000,56000000,00000000,00000000), ref: 00716BF1
                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,?,?,006CAE08,000000FD,?,00000000,56000000,00000000,00000000,?,00767C18,?), ref: 00716BF8
                                                                                                                                                                                            • Part of subcall function 00716B09: IsProcessorFeaturePresent.KERNEL32(0000000C,00716BDF,00000000,006CA401,00000000,006F6543,00000000,?,?,006CAE08,000000FD,?,00000000,56000000,00000000,00000000), ref: 00716B0B
                                                                                                                                                                                          • RtlInterlockedPopEntrySList.NTDLL(023C9780), ref: 00716C05
                                                                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,?,006CAE08,000000FD,?,00000000,56000000,00000000,00000000,?,00767C18,?), ref: 00716C1A
                                                                                                                                                                                          • RtlInterlockedPopEntrySList.NTDLL(?), ref: 00716C33
                                                                                                                                                                                          • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,006CAE08,000000FD,?,00000000,56000000,00000000,00000000,?,00767C18,?), ref: 00716C47
                                                                                                                                                                                          • RtlInterlockedPushEntrySList.NTDLL(00000000), ref: 00716C5E
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2486614554.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2486531799.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2486832212.000000000073C000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2486956314.0000000000764000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487033213.0000000000768000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487128435.0000000000769000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487128435.000000000076D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000000770000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000000816000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.000000000084D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.000000000124D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.00000000018FB000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001A98000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001B9C000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001C1B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001C39000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6c0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: EntryInterlockedList$AllocHeapVirtual$FeatureFreePresentProcessProcessorPush
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2304957937-0
                                                                                                                                                                                          • Opcode ID: ae13c3ade3811efea7d050dbbb97f5c3fc08750af92242acbefce994862bfc6a
                                                                                                                                                                                          • Instruction ID: 0d87750b48388a45a135a063ddfa8babfc99c59ab4f2e80b50e8530a4b34c460
                                                                                                                                                                                          • Opcode Fuzzy Hash: ae13c3ade3811efea7d050dbbb97f5c3fc08750af92242acbefce994862bfc6a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3701D671244211B7E7329B6DFC08FAA3665EB80752F118420F943F62D1EB6CDCD18AB9
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 006CAF87 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 125registryCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(0076A518,?,00000000,?), ref: 006CAFB5
                                                                                                                                                                                          • GetClassInfoExW.USER32(00000000,?,?), ref: 006CAFF4
                                                                                                                                                                                          • GetClassInfoExW.USER32(?,?), ref: 006CB009
                                                                                                                                                                                            • Part of subcall function 006C69BE: LeaveCriticalSection.KERNEL32(?,00000000,006CB0E4), ref: 006C69C9
                                                                                                                                                                                          • LoadCursorW.USER32(?,?), ref: 006CB055
                                                                                                                                                                                          • swprintf.LIBCMT ref: 006CB07F
                                                                                                                                                                                          • GetClassInfoExW.USER32(?,00000000,?), ref: 006CB0A2
                                                                                                                                                                                          • RegisterClassExW.USER32(?), ref: 006CB0B2
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2486614554.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2486531799.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2486832212.000000000073C000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2486956314.0000000000764000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487033213.0000000000768000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487128435.0000000000769000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487128435.000000000076D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000000770000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000000816000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.000000000084D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.000000000124D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.00000000018FB000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001A98000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001B9C000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001C1B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001C39000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6c0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Class$Info$CriticalSection$CursorEnterLeaveLoadRegisterswprintf
                                                                                                                                                                                          • String ID: 0$ATL:%p
                                                                                                                                                                                          • API String ID: 4219454028-2453800769
                                                                                                                                                                                          • Opcode ID: 67ed645365f1e0d29580bb6dfc35aa2da24799b26b8ce9fc58f9b29323123b86
                                                                                                                                                                                          • Instruction ID: fdc2ad491864ff7517569c8787129b02debb6aec78fb5727ad93e9f68daf6a66
                                                                                                                                                                                          • Opcode Fuzzy Hash: 67ed645365f1e0d29580bb6dfc35aa2da24799b26b8ce9fc58f9b29323123b86
                                                                                                                                                                                          • Instruction Fuzzy Hash: D841C7B26003019FCB11CF64C881AABBBA8FF48310F00465DFC559B246E775D985CFA6
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 006F6533 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 53COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 44 6f6533-6f6546 call 6ca3f4 47 6f6548-6f654a SetLastError 44->47 48 6f6554-6f6559 44->48 49 6f6550-6f6552 47->49 48->49 50 6f655b-6f656a call 6ca340 48->50 51 6f65bd-6f65be 49->51 54 6f656c-6f6573 50->54 55 6f6578-6f657d 50->55 54->55 56 6f6575 54->56 57 6f657f-6f6584 55->57 58 6f6587-6f65bc CreateWindowExW 55->58 56->55 57->58 58->51
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 006CA3F4: GetCurrentProcess.KERNEL32(00000000,0000000D,00000000,006F6543,00000000,?,?,006CAE08,000000FD,?,00000000,56000000,00000000,00000000,?,00767C18), ref: 006CA425
                                                                                                                                                                                            • Part of subcall function 006CA3F4: FlushInstructionCache.KERNEL32(00000000,?,?,006CAE08,000000FD,?,00000000,56000000,00000000,00000000,?,00767C18,?), ref: 006CA42C
                                                                                                                                                                                          • SetLastError.KERNEL32(0000000E,?,?,006CAE08,000000FD,?,00000000,56000000,00000000,00000000,?,00767C18,?), ref: 006F654A
                                                                                                                                                                                          • CreateWindowExW.USER32(?,00000000,?,00767C18,?,?,?,?,?,00000000,00000000,00000000), ref: 006F65B6
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2486614554.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2486531799.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2486832212.000000000073C000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2486956314.0000000000764000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487033213.0000000000768000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487128435.0000000000769000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487128435.000000000076D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000000770000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000000816000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.000000000084D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.000000000124D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.00000000018FB000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001A98000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001B9C000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001C1B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001C39000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6c0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CacheCreateCurrentErrorFlushInstructionLastProcessWindow
                                                                                                                                                                                          • String ID: |Uv
                                                                                                                                                                                          • API String ID: 852167079-3691001150
                                                                                                                                                                                          • Opcode ID: e1d269521d041fd53396db14ccb076e9baf262083be31ff0ffcd3b72539330b3
                                                                                                                                                                                          • Instruction ID: fefce4843f4dd60fa973b4dc040b87c617b9b8f303bfb48ef738fff73c3dcfa9
                                                                                                                                                                                          • Opcode Fuzzy Hash: e1d269521d041fd53396db14ccb076e9baf262083be31ff0ffcd3b72539330b3
                                                                                                                                                                                          • Instruction Fuzzy Hash: 93115E72600209AFDB108F69DC08FFA3BAAEB48354F058129FE05AA265D778DD50DB94
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 006CADB8 Relevance: 3.1, APIs: 2, Instructions: 55windowCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 59 6cadb8-6cadd8 60 6cadda 59->60 61 6cade0-6cae03 call 6ca439 call 6f6533 59->61 60->61 65 6cae08-6cae1b 61->65 66 6cae27-6cae32 GetMessageW 65->66 67 6cae1d-6cae21 DispatchMessageW 66->67 68 6cae34-6cae38 66->68 67->66
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • DispatchMessageW.USER32(?), ref: 006CAE21
                                                                                                                                                                                          • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 006CAE2E
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2486614554.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2486531799.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2486832212.000000000073C000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2486956314.0000000000764000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487033213.0000000000768000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487128435.0000000000769000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487128435.000000000076D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000000770000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000000816000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.000000000084D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.000000000124D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.00000000018FB000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001A98000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001B9C000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001C1B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001C39000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6c0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Message$Dispatch
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 327935592-0
                                                                                                                                                                                          • Opcode ID: 4df715768615c1d04f8aafa661da16fba785cac91cbe1e15ad7c32a23a1b4961
                                                                                                                                                                                          • Instruction ID: f96dcb4d12fd82236d4e49d97f418931f660bac9e9c9f37f1a77ddabdcbeab6c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4df715768615c1d04f8aafa661da16fba785cac91cbe1e15ad7c32a23a1b4961
                                                                                                                                                                                          • Instruction Fuzzy Hash: 00016DB280022CAADB149FE9AC45EFFBBBDEF49764B10852AF911E2140D2709544CBF4
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0C36506C Relevance: 1.7, Strings: 1, Instructions: 409COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 69 c36506c-c365075 70 c36508c-c3650de 69->70 71 c36507b-c365086 69->71 74 c3650e4-c3650ef 70->74 75 c3654fa-c365511 70->75 71->70 72 c3654e6-c3654f5 71->72 72->70 74->75 77 c3650f5-c365110 74->77 79 c365519-c365530 75->79 78 c365116-c365121 77->78 77->79 78->79 81 c365127-c36513f 78->81 88 c365538-c36553f 79->88 83 c365145-c365148 81->83 84 c36514d-c365157 81->84 85 c365173 83->85 86 c36515d-c365160 84->86 87 c365179 84->87 85->87 90 c36517e-c365189 85->90 89 c365166-c365171 86->89 86->90 87->90 91 c365545-c365547 88->91 92 c365552-c365562 88->92 89->85 93 c365382 90->93 94 c36518f-c3651a2 90->94 96 c36537d 91->96 97 c36554d 91->97 92->96 109 c365568 92->109 95 c365384-c365387 93->95 94->88 99 c3651a8-c3651b1 94->99 100 c365395-c36539b 95->100 101 c36538d-c365390 95->101 96->95 97->92 103 c3651b7-c3651c2 99->103 104 c3651c8-c3651ca 99->104 107 c3653a1 100->107 108 c3655e9-c3655f4 100->108 106 c3653a7 101->106 103->88 103->104 104->96 105 c3651d0-c3651e4 104->105 110 c36556d-c365577 105->110 111 c3651ea-c3651fb 105->111 112 c3653ad-c3653c2 106->112 113 c3654da 106->113 107->106 117 c3655fb-c365610 108->117 109->110 120 c3654df-c3654e5 110->120 111->110 114 c365201-c365210 111->114 112->117 118 c3653c8-c3653d0 112->118 116 c3654dd 113->116 114->110 119 c365216-c365263 114->119 116->120 124 c365615-c36562d 117->124 118->117 121 c3653d6-c3653ed 118->121 128 c365271-c36527b 119->128 129 c365269-c36526c 119->129 121->124 125 c3653f3-c3653fb 121->125 130 c365632-c365647 124->130 125->124 127 c365401-c365415 125->127 127->130 131 c36541b-c365423 127->131 134 c365281-c365284 128->134 135 c36529d 128->135 133 c365297 129->133 141 c36564e-c365660 130->141 131->130 136 c365429-c365440 131->136 133->135 138 c36529f-c3652ac 133->138 134->138 139 c36528a-c365295 134->139 135->138 140 c365446-c36545f 136->140 136->141 142 c3652b2-c3652bb 138->142 143 c36557c-c365583 138->143 139->133 140->141 144 c365465-c36548b 140->144 147 c365667-c365676 141->147 149 c3652d2-c3652d4 142->149 150 c3652c1-c3652cc 142->150 145 c365596-c3655a4 143->145 146 c365589-c36558b 143->146 144->147 148 c365491-c365495 144->148 154 c36530a-c365331 145->154 165 c3655aa 145->165 153 c365591 146->153 146->154 164 c36567b-c365693 147->164 156 c36549a-c3654ba 148->156 149->154 155 c3652da-c3652f7 149->155 150->143 150->149 153->145 160 c365337-c365352 154->160 161 c3655c3-c3655d2 154->161 157 c3655af-c3655be 155->157 158 c3652fd-c365306 155->158 163 c3654c0-c3654c8 156->163 156->164 157->161 158->154 171 c365360-c365366 160->171 172 c365358-c36535b 160->172 174 c3655d7-c3655e2 161->174 163->164 166 c3654ce-c3654d5 163->166 164->116 165->157 166->116 171->174 176 c36536c 171->176 175 c365371-c365372 172->175 174->108 175->96 177 c365378 175->177 176->175 177->96
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2504946450.000000000C360000.00000010.00000800.00020000.00000000.sdmp, Offset: 0C360000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_c360000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: C#
                                                                                                                                                                                          • API String ID: 0-954892107
                                                                                                                                                                                          • Opcode ID: a22d16f716ed3c3326fb482816d221ae3a7c8344e2a86b9a2b371b9bd552c24c
                                                                                                                                                                                          • Instruction ID: 9edbe2d47372b43195bbb4531771d7128cfd8a8f0ef4257be6e73280c1aa8d0a
                                                                                                                                                                                          • Opcode Fuzzy Hash: a22d16f716ed3c3326fb482816d221ae3a7c8344e2a86b9a2b371b9bd552c24c
                                                                                                                                                                                          • Instruction Fuzzy Hash: ACE11330B103049BDB24CF55C895BA9B7E6EF49714F24C669E946ABB88D770DC40CFA1
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0C366232 Relevance: 1.7, Strings: 1, Instructions: 401COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 179 c366232-c366272 183 c366300 179->183 184 c366278-c366285 179->184 187 c366303-c366313 183->187 185 c36676f-c366784 184->185 186 c36628b-c3662a1 184->186 186->185 188 c3662a7-c3662c0 186->188 190 c3667ef-c366807 187->190 191 c366319-c36632d 187->191 193 c3662c6-c3662de 188->193 194 c366789-c366793 188->194 199 c36680c-c366817 190->199 191->190 192 c366333-c366340 191->192 195 c366346-c366349 192->195 196 c36634e-c366354 192->196 205 c3662e4-c3662e5 193->205 206 c366798-c3667a6 193->206 207 c366967-c36696a 194->207 198 c366360 195->198 196->199 200 c36635a 196->200 203 c366366-c36637e 198->203 204 c3664b1-c3664bf 198->204 219 c36681e-c366828 199->219 200->198 222 c366384-c36638c 203->222 223 c3663e3-c366407 203->223 208 c3664c5-c3664c8 204->208 209 c3664cd-c3664d8 204->209 210 c3667bb-c3667c8 205->210 211 c3662eb-c3662ef 205->211 206->205 220 c3667ac-c3667b6 206->220 212 c366673-c366679 207->212 216 c3664da 208->216 209->216 210->212 217 c3662f5-c3662fb 211->217 218 c3667cd-c3667ea 211->218 225 c3664e5-c3664f2 216->225 226 c3664e0 216->226 217->187 218->187 219->212 220->212 222->219 229 c366392-c3663a2 222->229 237 c36682d-c36683f 223->237 238 c36640d-c366426 223->238 227 c366500-c366506 225->227 228 c3664f8-c3664fb 225->228 226->225 233 c36650c 227->233 234 c36689d-c3668a8 227->234 232 c366511 228->232 229->219 236 c3663a8-c3663b7 229->236 239 c366517-c366527 232->239 240 c36666e 232->240 233->232 244 c3668af-c3668c4 234->244 236->219 241 c3663bd-c3663df 236->241 246 c366846-c36685a 237->246 238->237 242 c36642c-c366456 238->242 239->244 245 c36652d-c366542 239->245 240->212 241->223 242->246 247 c36645c-c366462 242->247 256 c3668cb-c3668e0 244->256 245->244 249 c366548-c36655c 245->249 254 c366878-c366882 246->254 251 c36685f-c366873 247->251 252 c366468-c36646f 247->252 255 c366562-c36656a 249->255 249->256 251->254 252->254 257 c366475-c366492 252->257 254->207 255->256 258 c366570-c36657f 255->258 261 c3668e7-c3668fb 256->261 259 c366887-c366897 257->259 260 c366498-c36649f call 6ef0a9f 257->260 258->261 262 c366585-c36658e 258->262 259->234 268 c3664a1-c3664ae 260->268 267 c366919-c366923 261->267 265 c366594-c36659b 262->265 266 c366900-c366914 262->266 265->267 269 c3665a1-c3665cc 265->269 266->267 267->207 268->204 272 c3665d2-c3665db 269->272 273 c366928-c366932 269->273 274 c3665f2-c366623 272->274 275 c3665e1-c3665ec 272->275 273->212 278 c366937-c36694c 274->278 279 c366629-c366631 274->279 275->273 275->274 281 c366951-c366961 278->281 279->278 280 c366637-c366654 279->280 280->281 282 c36665a-c36665e 280->282 281->207 284 c366663-c366667 282->284 284->240
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2504946450.000000000C360000.00000010.00000800.00020000.00000000.sdmp, Offset: 0C360000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_c360000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: ![
                                                                                                                                                                                          • API String ID: 0-838831968
                                                                                                                                                                                          • Opcode ID: c48c676ec17455db475a559ec62b584948e9948f6b166ff2f8f9118aa138181e
                                                                                                                                                                                          • Instruction ID: 681c32456c0d449a7f20d960bd710bf7f7088594f830a71f3c27ed66059b8bae
                                                                                                                                                                                          • Opcode Fuzzy Hash: c48c676ec17455db475a559ec62b584948e9948f6b166ff2f8f9118aa138181e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3CE1D170B103149BDB14CF65C993BA9B7F5AB48398F208529FD06ABB88C774D851CFA1
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06FFC99C Relevance: 1.2, Instructions: 1155COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 287 6ffc99c-6ffd009 289 6ffd00f-6ffd026 287->289 290 6ffd029-6ffd030 287->290 289->290 291 6ffd039-6ffd057 290->291 292 6ffd036 290->292 293 6ffd2ef-6ffd2f9 291->293 294 6ffd05d 291->294 292->291 296 6ffd060 293->296 297 6ffd2ff-6ffd301 293->297 294->296 298 6ffd063-6ffd074 296->298 297->298 299 6ffd07a-6ffd0a8 298->299 300 6ffd082-6ffd08c 298->300 302 6ffd0ae-6ffd0b3 299->302 304 6ffd0bf-6ffd0c5 299->304 300->302 303 6ffd092-6ffd095 300->303 306 6ffd0ba-6ffd0bc 302->306 303->304 305 6ffd09b 303->305 307 6ffd0cb-6ffd0d1 304->307 308 6ffd2e6 304->308 305->293 306->304 307->308 310 6ffd0d7-6ffd0f5 307->310 309 6ffd2e8-6ffd2ee 308->309 311 6ffd0fb-6ffd11f 310->311 312 6ffd306-6ffd31f 310->312 313 6ffd125-6ffd13e 311->313 314 6ffd324-6ffd334 311->314 312->314 318 6ffd33a-6ffd349 313->318 319 6ffd144-6ffd153 313->319 314->318 325 6ffd34f-6ffd35a 318->325 322 6ffd159-6ffd15c 319->322 323 6ffd161-6ffd167 319->323 324 6ffd172 322->324 323->325 326 6ffd16d 323->326 327 6ffd25c-6ffd270 324->327 328 6ffd178-6ffd190 324->328 330 6ffd361-6ffd379 325->330 326->324 331 6ffd3ca-6ffd3d4 327->331 332 6ffd276-6ffd286 327->332 329 6ffd196-6ffd1a1 328->329 328->330 329->330 334 6ffd1a7-6ffd1d9 329->334 342 6ffd37f-6ffd389 330->342 331->309 332->331 335 6ffd28c-6ffd29b 332->335 347 6ffd1df-6ffd202 334->347 348 6ffd233 334->348 335->331 338 6ffd2a1-6ffd2ca 335->338 340 6ffd3d9-6ffd3e8 338->340 341 6ffd2d0-6ffd2e3 338->341 350 6ffd3ed-6ffd3f0 340->350 341->308 343 6ffd398-6ffd3a2 342->343 343->350 347->342 355 6ffd208-6ffd20f 347->355 349 6ffd235-6ffd241 348->349 352 6ffd247-6ffd257 349->352 353 6ffd3b6-6ffd3c5 349->353 350->309 352->308 353->331 358 6ffd38e 355->358 359 6ffd215-6ffd226 355->359 358->343 361 6ffd22c-6ffd22e 359->361 362 6ffd3a7-6ffd3b1 359->362 361->349 362->350
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2500176312.0000000006FF7000.00000010.00000800.00020000.00000000.sdmp, Offset: 06FF7000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ff7000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 5c7c4a1da6f7d25d157aa4d5ba8c4914c72553603b583d55651f0b250192e903
                                                                                                                                                                                          • Instruction ID: 3f4d2ccd1c8288be08add61c2d00bb0a44161b256d591c7c6efab68b6a098849
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5c7c4a1da6f7d25d157aa4d5ba8c4914c72553603b583d55651f0b250192e903
                                                                                                                                                                                          • Instruction Fuzzy Hash: 33511230E543049FEB60CF14C982FA9B7E1EF44714F148448EE999B3A5D771E951CBA2
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06FFE0CE Relevance: 1.1, Instructions: 1068COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2500176312.0000000006FF7000.00000010.00000800.00020000.00000000.sdmp, Offset: 06FF7000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ff7000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 99aae02db24e579f0f6a2b3b8e0044d7b5348516410f241f4c1e73d7c24f4df1
                                                                                                                                                                                          • Instruction ID: cbd8087007fc38ef4c79cb5e63c7c08f71d2dc7ce78539619f39fdb16f176b15
                                                                                                                                                                                          • Opcode Fuzzy Hash: 99aae02db24e579f0f6a2b3b8e0044d7b5348516410f241f4c1e73d7c24f4df1
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5182F731F60301AFEBA4CF54C891B7AB7E6EF84714F254459EA06AB2B0D774D841CBA1
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 07006800 Relevance: .5, Instructions: 491COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 683 7006800-7006809 684 7006829-7006830 683->684 685 700680f-7006826 683->685 686 7006836 684->686 687 7006839-700686b 684->687 685->684 686->687 688 7006d20-7006d45 687->688 689 7006871-700687c 687->689 692 700688c-700689c 688->692 696 7006d4b-7006d55 688->696 689->688 691 7006882-7006889 689->691 691->692 694 70068a2-70068b2 692->694 695 7006d5a-7006d64 692->695 694->695 697 70068b8-70068c7 694->697 703 7006d19-7006d1f 695->703 696->703 697->695 698 70068cd-7006905 697->698 701 7006d69-7006d73 698->701 702 700690b-700691a 698->702 701->703 702->701 704 7006920-7006958 702->704 707 7006d78-7006d8a 704->707 708 700695e-7006979 704->708 709 7006d8f-7006da0 707->709 708->709 710 700697f-7006999 708->710 715 7006da8-7006db2 709->715 714 700699f-70069a7 710->714 714->715 716 70069ad-70069bb 714->716 718 7006dc1-7006dce 715->718 716->715 717 70069c1-70069c8 716->717 719 7006db7 717->719 720 70069ce-70069d6 717->720 718->703 719->718 721 7006dd3-7006de0 720->721 722 70069dc-70069e3 720->722 724 7006de5-7006df1 721->724 722->724 725 70069e9-70069ee 722->725 724->725 734 7006df7-7006e04 724->734 726 7006bc1-7006bc9 725->726 727 70069f4-70069fa 725->727 730 7006f76-7006f83 726->730 731 7006bcf-7006bda 726->731 732 7006a00-7006a2f 727->732 733 7006e09-7006e19 727->733 748 7006f8a-7006f9f 730->748 735 7006be0-7006be3 731->735 736 7006be8-7006bf3 731->736 737 7006e20-7006e2f 732->737 738 7006a35-7006a46 call 6ef0a1f 732->738 733->737 734->703 739 7006bf5 735->739 736->739 755 7006e34-7006e42 737->755 751 7006a54-7006a5a 738->751 752 7006a4c-7006a4f 738->752 744 7006d02 739->744 745 7006bfb-7006c13 739->745 750 7006d05-7006d14 744->750 745->748 749 7006c19-7006c24 745->749 760 7006fa6-7006fb0 748->760 749->748 756 7006c2a-7006c40 749->756 750->703 754 7006a60 751->754 751->755 753 7006a65 752->753 757 7006ae1-7006ae4 753->757 758 7006a6b-7006a73 753->758 754->753 763 7006e48-7006e52 755->763 756->760 761 7006c46-7006c56 756->761 765 7006af2-7006af8 757->765 766 7006aea-7006aed 757->766 758->763 764 7006a79-7006a87 758->764 760->703 761->760 767 7006c5c-7006c6b 761->767 771 7006e61-7006e6e 763->771 764->763 770 7006a8d-7006a94 764->770 772 7006eda-7006ee5 765->772 773 7006afe 765->773 774 7006b04 766->774 767->760 768 7006c71-7006cd6 767->768 787 7006fb5-7006fc5 768->787 788 7006cdc-7006cfd 768->788 775 7006e57 770->775 776 7006a9a-7006aa3 770->776 771->703 786 7006eec-7006ef6 772->786 773->774 777 7006b0a-7006b12 774->777 778 7006bac 774->778 775->771 781 7006e73-7006e92 776->781 782 7006aa9-7006abd 776->782 785 7006b18-7006b28 777->785 777->786 780 7006baf-7006bb3 778->780 789 7006f61-7006f71 780->789 790 7006bb9-7006bbc 780->790 791 7006abf-7006ac6 781->791 804 7006e98-7006ea2 781->804 782->791 785->786 792 7006b2e-7006b3d 785->792 786->703 809 7006fcb-7006fce 787->809 788->750 789->703 790->714 793 7006ea7-7006ec5 791->793 794 7006acc-7006add 791->794 792->786 797 7006b43-7006b56 792->797 803 7006adf 793->803 808 7006ecb-7006ed5 793->808 794->803 798 7006efb-7006f0b 797->798 799 7006b5c-7006b60 797->799 798->809 806 7006f10-7006f23 799->806 807 7006b66-7006b86 799->807 803->757 804->703 812 7006f34-7006f45 806->812 813 7006f29-7006f2f 806->813 815 7006b8c-7006b97 807->815 808->703 809->703 814 7006f4a-7006f5c 812->814 813->814 815->780 818 7006b9d-7006ba7 815->818 818->703
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2500176312.0000000006FF7000.00000010.00000800.00020000.00000000.sdmp, Offset: 06FF7000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ff7000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: c7e02f638e49ff9896cc9a21e674efec702fb93145b66d3ebd0e683060f6ae3b
                                                                                                                                                                                          • Instruction ID: e944467d4566992ff1ce04ad90f93ea742b3f0cddbafa5073c9422879d567a9c
                                                                                                                                                                                          • Opcode Fuzzy Hash: c7e02f638e49ff9896cc9a21e674efec702fb93145b66d3ebd0e683060f6ae3b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7D021AB0A043159FEF14CF64C856B69BBE6FF45324F148259E816AB3C0C7B69860CBE1
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06FF880B Relevance: .3, Instructions: 287COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 821 6ff880b-6ff881a 822 6ff881c-6ff882d 821->822 823 6ff8867-6ff887a 821->823 824 6ff8836-6ff8854 822->824 825 6ff8833 822->825 829 6ff8888-6ff8893 823->829 830 6ff8880-6ff8883 823->830 826 6ff885a-6ff8863 824->826 827 6ff8b49-6ff8b4e 824->827 825->824 826->823 831 6ff8b55-6ff8b61 827->831 832 6ff8895 829->832 830->832 838 6ff88ba-6ff88bd 831->838 839 6ff8b67-6ff8b71 831->839 834 6ff889b-6ff88b4 832->834 835 6ff88f8-6ff8914 832->835 834->831 834->838 841 6ff891a-6ff891d 835->841 842 6ff8922-6ff8928 835->842 838->835 843 6ff88c3-6ff88dc 838->843 851 6ff8b42-6ff8b48 839->851 844 6ff8933 841->844 845 6ff892e 842->845 846 6ff8b97-6ff8ba2 842->846 852 6ff8b76-6ff8b82 843->852 853 6ff88e2-6ff88e5 843->853 849 6ff89ec-6ff89f4 844->849 850 6ff8939-6ff894e 844->850 845->844 857 6ff8ba9-6ff8bbe 846->857 855 6ff89fa-6ff89fd 849->855 856 6ff8a02-6ff8a0a 849->856 850->857 858 6ff8954-6ff895f 850->858 852->853 873 6ff8b88-6ff8b92 852->873 853->835 859 6ff88eb-6ff88f3 853->859 860 6ff8a16 855->860 861 6ff8bd4-6ff8bdf 856->861 862 6ff8a10 856->862 874 6ff8bc5-6ff8bcf 857->874 858->857 863 6ff8965-6ff897a 858->863 864 6ff8b40 859->864 866 6ff8a1c 860->866 867 6ff8a21-6ff8a2c 860->867 877 6ff8be6-6ff8bfb 861->877 862->860 871 6ff8984-6ff898b 863->871 864->851 866->867 869 6ff8b3e 867->869 870 6ff8a32-6ff8a4d 867->870 869->864 880 6ff8b37 870->880 881 6ff8a53-6ff8a63 870->881 871->874 875 6ff8991-6ff89a2 871->875 873->851 874->851 875->874 876 6ff89a8-6ff89b7 875->876 876->874 882 6ff89bd-6ff89e9 876->882 893 6ff8c02-6ff8c11 877->893 884 6ff8b39 880->884 881->877 885 6ff8a69-6ff8a75 881->885 882->849 884->864 887 6ff8a7b-6ff8a84 885->887 888 6ff8a89-6ff8a91 885->888 890 6ff8add-6ff8afa 887->890 891 6ff8a97-6ff8aaf 888->891 892 6ff8ab4-6ff8ab9 888->892 890->893 897 6ff8b00-6ff8b17 890->897 891->890 895 6ff8abf-6ff8ac6 892->895 896 6ff8acb-6ff8acd 892->896 901 6ff8c16-6ff8c24 893->901 895->890 896->877 899 6ff8ad3-6ff8ada 896->899 897->901 902 6ff8b1d-6ff8b2e 897->902 899->890 903 6ff8b30-6ff8b32 901->903 902->903 903->884
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2500176312.0000000006FF7000.00000010.00000800.00020000.00000000.sdmp, Offset: 06FF7000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ff7000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 53ab44f8266d7f6811be941aaf9907aac7923dfe7fd6a9bafe140f30b12a57c4
                                                                                                                                                                                          • Instruction ID: bd523978775450129c71d0cb04f31e9819267452b6d5984d0e347a02113bf7b8
                                                                                                                                                                                          • Opcode Fuzzy Hash: 53ab44f8266d7f6811be941aaf9907aac7923dfe7fd6a9bafe140f30b12a57c4
                                                                                                                                                                                          • Instruction Fuzzy Hash: AD915971F64305AFEB648B608C96A7EB7F5EF54394F140419EB27AB2A0D774D800C7A2
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 07001068 Relevance: .3, Instructions: 254COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 905 7001068-7001078 907 700107e-7001089 905->907 908 700108f-70010cc 905->908 907->908 909 7001357-7001369 907->909 911 70010d2-70010d5 908->911 912 70010da-70010e4 908->912 909->908 914 7001100 911->914 915 70010ea-70010ed 912->915 916 700134b-700134e 912->916 914->916 918 7001106-7001111 914->918 917 70010f3-70010fe 915->917 915->918 919 7001350-7001356 916->919 917->914 920 7001117-7001125 918->920 921 700136e-7001378 918->921 920->921 923 700112b-7001136 920->923 921->919 924 700113c-7001161 923->924 925 700137d-700138c 923->925 929 7001394-70013a8 924->929 930 7001167-700116d 924->930 925->929 933 70013c6-70013d0 929->933 931 7001173-700117a 930->931 932 70013ad-70013c1 930->932 931->933 934 7001180-70011c9 931->934 932->933 937 700144e-7001451 933->937 939 70011da-70011e0 934->939 940 70011cf-70011d7 934->940 937->919 941 70011e6-70011ff 939->941 940->939 942 70013d5-70013ea 941->942 943 7001205-7001210 941->943 947 70013f1-7001400 942->947 943->942 944 7001216-7001248 943->944 944->947 948 700124e-700126d 944->948 953 7001405-7001410 947->953 951 7001273-7001276 948->951 952 700127b-7001281 948->952 954 700128c 951->954 952->953 955 7001287 952->955 960 7001417-7001421 953->960 956 7001292-700129c 954->956 957 70012d5-70012db 954->957 955->954 959 70012a2-70012b0 956->959 956->960 961 70012e1-70012e4 957->961 962 70012e9-70012f3 957->962 959->960 964 70012b6-70012c2 959->964 960->919 965 700130f 961->965 962->916 963 70012f9-70012fc 962->963 966 7001302-700130d 963->966 967 7001315-7001338 963->967 969 7001426-7001433 964->969 970 70012c8-70012d0 964->970 965->916 965->967 966->965 971 700143a-7001449 967->971 972 700133e-7001347 967->972 969->971 970->916 971->937 972->916
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2500176312.0000000006FF7000.00000010.00000800.00020000.00000000.sdmp, Offset: 06FF7000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ff7000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 3299cc465f7465e61f6ef4837e379ba3206cdeebbde684e6a13ae0326b296ee5
                                                                                                                                                                                          • Instruction ID: f2d307622cb65dc05b728f41f703a89ce28253112dda39d6cbbf56bddb723b28
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3299cc465f7465e61f6ef4837e379ba3206cdeebbde684e6a13ae0326b296ee5
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8991D2B1A00309DFEB208F65C841BAEB7F5EF49764F114619E926A76C0C7B4E850CBE1
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06FF4770 Relevance: .2, Instructions: 239COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 977 6ff4770-6ff4809 979 6ff480f-6ff4814 977->979 980 6ff481e-6ff4825 977->980 979->980 981 6ff482e-6ff484c 980->981 982 6ff482b 980->982 983 6ff494c-6ff4959 981->983 984 6ff4852-6ff4855 981->984 982->981 985 6ff4858 983->985 986 6ff495f-6ff4961 983->986 984->985 987 6ff485b-6ff487a 985->987 986->987 988 6ff4966-6ff498d 987->988 989 6ff4880-6ff488b 987->989 991 6ff489b-6ff48ab 988->991 995 6ff4993-6ff499d 988->995 989->988 990 6ff4891-6ff4898 989->990 990->991 993 6ff49a2-6ff49c9 991->993 994 6ff48b1-6ff48b9 991->994 999 6ff48c6-6ff48e4 993->999 1001 6ff49cf-6ff49d9 993->1001 994->993 996 6ff48bf-6ff48c3 994->996 1000 6ff4945-6ff494b 995->1000 996->999 1002 6ff48ea-6ff48fb call 6ff979b 999->1002 1001->1000 1004 6ff48fd-6ff4908 1002->1004 1005 6ff490e-6ff4917 1004->1005 1006 6ff491d 1004->1006 1005->1006 1007 6ff491f-6ff492c 1005->1007 1006->1007 1008 6ff4943 1007->1008 1009 6ff4932-6ff493d 1007->1009 1008->1000 1009->1008 1010 6ff49de-6ff49ec 1009->1010 1010->1008
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2500150164.0000000006FF3000.00000010.00000800.00020000.00000000.sdmp, Offset: 06FF3000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ff3000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 3befc60942a2cd320bbf5069666dd2b114d3bf5b60418b2ca232dd2c95e208c2
                                                                                                                                                                                          • Instruction ID: 9f6602a999ad2feaae146e8251fe30fbf8bc09fc7227349ffdd10747b706a93b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3befc60942a2cd320bbf5069666dd2b114d3bf5b60418b2ca232dd2c95e208c2
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3B31CF31B102109FCB20CF09C9807AAF7E6EF85320F158199EE589B3A6D730EC51CBA1
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06FFD0A0 Relevance: .2, Instructions: 210COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 1013 6ffd0a0-6ffd0a8 1016 6ffd0bf-6ffd0c5 1013->1016 1017 6ffd0ae-6ffd0b3 1013->1017 1018 6ffd0cb-6ffd0d1 1016->1018 1019 6ffd2e6 1016->1019 1021 6ffd0ba-6ffd0bc 1017->1021 1018->1019 1022 6ffd0d7-6ffd0f5 1018->1022 1020 6ffd2e8-6ffd2ee 1019->1020 1021->1016 1023 6ffd0fb-6ffd11f 1022->1023 1024 6ffd306-6ffd31f 1022->1024 1025 6ffd125-6ffd13e 1023->1025 1026 6ffd324-6ffd334 1023->1026 1024->1026 1030 6ffd33a-6ffd349 1025->1030 1031 6ffd144-6ffd153 1025->1031 1026->1030 1037 6ffd34f-6ffd35a 1030->1037 1034 6ffd159-6ffd15c 1031->1034 1035 6ffd161-6ffd167 1031->1035 1036 6ffd172 1034->1036 1035->1037 1038 6ffd16d 1035->1038 1039 6ffd25c-6ffd270 1036->1039 1040 6ffd178-6ffd190 1036->1040 1042 6ffd361-6ffd379 1037->1042 1038->1036 1043 6ffd3ca-6ffd3d4 1039->1043 1044 6ffd276-6ffd286 1039->1044 1041 6ffd196-6ffd1a1 1040->1041 1040->1042 1041->1042 1046 6ffd1a7-6ffd1d9 1041->1046 1054 6ffd37f-6ffd389 1042->1054 1043->1020 1044->1043 1047 6ffd28c-6ffd29b 1044->1047 1059 6ffd1df-6ffd202 1046->1059 1060 6ffd233 1046->1060 1047->1043 1050 6ffd2a1-6ffd2ca 1047->1050 1052 6ffd3d9-6ffd3e8 1050->1052 1053 6ffd2d0-6ffd2e3 1050->1053 1062 6ffd3ed-6ffd3f0 1052->1062 1053->1019 1055 6ffd398-6ffd3a2 1054->1055 1055->1062 1059->1054 1067 6ffd208-6ffd20f 1059->1067 1061 6ffd235-6ffd241 1060->1061 1064 6ffd247-6ffd257 1061->1064 1065 6ffd3b6-6ffd3c5 1061->1065 1062->1020 1064->1019 1065->1043 1070 6ffd38e 1067->1070 1071 6ffd215-6ffd226 1067->1071 1070->1055 1073 6ffd22c-6ffd22e 1071->1073 1074 6ffd3a7-6ffd3b1 1071->1074 1073->1061 1074->1062
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2500176312.0000000006FF7000.00000010.00000800.00020000.00000000.sdmp, Offset: 06FF7000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ff7000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: ced1c4ef02c41a84771ad5d09e23824c11fa80892550653086bd845a2b22a9a9
                                                                                                                                                                                          • Instruction ID: 10cab6263a872e44d9d2b3b69dca61453ed0191f86c8955e70f18b06b5c73c3f
                                                                                                                                                                                          • Opcode Fuzzy Hash: ced1c4ef02c41a84771ad5d09e23824c11fa80892550653086bd845a2b22a9a9
                                                                                                                                                                                          • Instruction Fuzzy Hash: DD71BF31A54310DFEB90CF95CD82FA9B7E5EF44715F14844AEE45AB2A1C7B0D940CBA2
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0C365929 Relevance: .2, Instructions: 193COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 1076 c365929-c36592b 1077 c365951-c365968 1076->1077 1078 c36592d-c36594c 1076->1078 1079 c365bc5-c365be3 1077->1079 1080 c36596e-c365979 1077->1080 1078->1077 1087 c365bf9-c365bfb 1079->1087 1088 c365be9-c365bf4 1079->1088 1081 c36597f-c365989 1080->1081 1082 c365a7a 1080->1082 1085 c365a73-c365a75 1081->1085 1086 c36598f-c365998 1081->1086 1084 c365a7c-c365a7f 1082->1084 1089 c365a85-c365a88 1084->1089 1090 c365a8d-c365a93 1084->1090 1085->1084 1091 c36599e-c3659a7 1086->1091 1092 c365a6c-c365a6e 1086->1092 1096 c365c01 1087->1096 1097 c365c6f 1087->1097 1106 c365b1f-c365b25 1088->1106 1093 c365a9f 1089->1093 1094 c365c77-c365c82 1090->1094 1095 c365a99 1090->1095 1091->1079 1098 c3659ad-c3659b7 1091->1098 1092->1084 1100 c365aa5-c365ac1 1093->1100 1101 c365b1a 1093->1101 1108 c365c89-c365cae 1094->1108 1095->1093 1104 c365c06-c365c10 1096->1104 1097->1094 1102 c3659bd-c3659c0 1098->1102 1103 c3659e8-c3659f0 1098->1103 1107 c365ac7-c365ad2 1100->1107 1100->1108 1101->1106 1102->1079 1110 c3659c6-c3659cc 1102->1110 1103->1104 1105 c3659f6-c365a04 1103->1105 1115 c365c1f-c365c29 1104->1115 1105->1104 1113 c365a0a-c365a11 1105->1113 1107->1108 1114 c365ad8-c365adf 1107->1114 1118 c365ae2-c365b07 1108->1118 1126 c365cb4-c365cbe 1108->1126 1111 c365a64-c365a67 1110->1111 1112 c3659d2-c3659e2 1110->1112 1111->1084 1112->1103 1127 c365a5c-c365a5f 1112->1127 1116 c365a17-c365a1e 1113->1116 1117 c365c15 1113->1117 1114->1118 1115->1106 1121 c365a24-c365a2f 1116->1121 1122 c365c2e-c365c4b 1116->1122 1117->1115 1123 c365cc3-c365cc8 1118->1123 1124 c365b0d-c365b14 call c366232 1118->1124 1128 c365a31-c365a4f 1121->1128 1122->1128 1133 c365c51-c365c5b 1122->1133 1130 c365cd2 1123->1130 1131 c365b16 1124->1131 1126->1106 1127->1084 1135 c365a55-c365a57 1128->1135 1136 c365c60-c365c6a 1128->1136 1130->1130 1131->1101 1133->1106 1135->1084 1136->1106
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2504946450.000000000C360000.00000010.00000800.00020000.00000000.sdmp, Offset: 0C360000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_c360000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: be02d89d0cf15384ab440dacbcd6c654f54c43c2a14d8110e8e38c4f78b60966
                                                                                                                                                                                          • Instruction ID: 317189bf75a792d8cb13b6850e52527a2be2844c3dcc6c0692d5a05336d09bbb
                                                                                                                                                                                          • Opcode Fuzzy Hash: be02d89d0cf15384ab440dacbcd6c654f54c43c2a14d8110e8e38c4f78b60966
                                                                                                                                                                                          • Instruction Fuzzy Hash: C6613E307243019FDB21CF65C985BA9BBA4BB05318F15C176E8465BE49C7B4DC80CFA1
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 07001B32 Relevance: .2, Instructions: 182COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 1140 7001b32-7001b52 1143 7001b58-7001b6a 1140->1143 1144 7001bdb-7001be5 1140->1144 1147 7001e20-7001e37 1143->1147 1148 7001b70-7001b78 1143->1148 1145 7001beb-7001bee 1144->1145 1146 7001e4e-7001e56 1144->1146 1149 7001bf4-7001bfb 1145->1149 1150 7001e6b-7001e75 1145->1150 1146->1145 1159 7001e5c-7001e66 1146->1159 1151 7001b8a-7001b8f 1148->1151 1152 7001b7e-7001b85 1148->1152 1154 7001c01-7001c02 1149->1154 1155 7001e7a-7001e8d 1149->1155 1150->1155 1151->1147 1158 7001b95-7001b9c 1151->1158 1157 7001b9f-7001ba5 1152->1157 1165 7001c0a-7001c1d 1154->1165 1163 7001e93-7001e99 1155->1163 1164 7001e9e-7001eae 1155->1164 1161 7001bb3-7001bb9 1157->1161 1162 7001bab-7001bae 1157->1162 1158->1157 1159->1150 1167 7001e3c-7001e47 1161->1167 1168 7001bbf 1161->1168 1166 7001bc5 1162->1166 1169 7001eb3-7001ebe 1163->1169 1164->1169 1171 7001c23-7001c26 1165->1171 1172 7001c2b-7001c35 1165->1172 1166->1144 1174 7001bcb-7001bd6 1166->1174 1167->1146 1168->1166 1175 7001eca-7001ed5 1169->1175 1176 7001c51 1171->1176 1177 7001d2a 1172->1177 1178 7001c3b-7001c3e 1172->1178 1174->1165 1191 7001edc-7001ee6 1175->1191 1176->1177 1182 7001c57-7001c5f 1176->1182 1180 7001d2f-7001d35 1177->1180 1181 7001c44-7001c4f 1178->1181 1178->1182 1181->1176 1184 7001c65-7001c68 1182->1184 1185 7001c6d-7001c73 1182->1185 1188 7001c7e 1184->1188 1185->1175 1186 7001c79 1185->1186 1186->1188 1189 7001c84-7001c99 1188->1189 1190 7001cc9-7001cd1 1188->1190 1200 7001ca7-7001cb2 1189->1200 1201 7001c9f-7001ca2 1189->1201 1192 7001ce2-7001cec 1190->1192 1193 7001cd7-7001cdd 1190->1193 1191->1180 1192->1191 1194 7001cf2-7001cf5 1192->1194 1197 7001d08 1193->1197 1198 7001cfb-7001d06 1194->1198 1199 7001d0e-7001d1d 1194->1199 1197->1191 1197->1199 1198->1197 1204 7001d24-7001d27 1199->1204 1202 7001cb4 1200->1202 1201->1202 1202->1177 1206 7001cba-7001cc4 1202->1206 1204->1177 1206->1180
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2500176312.0000000006FF7000.00000010.00000800.00020000.00000000.sdmp, Offset: 06FF7000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ff7000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 50f5e81c255d590fdaca66035811ae9dace54970115c4ff36e0b0041e1c90064
                                                                                                                                                                                          • Instruction ID: 6ce9c2473ffed8ca4e8d175463c8f543f771270dd9d4bd2666d6f33b61d6c26b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 50f5e81c255d590fdaca66035811ae9dace54970115c4ff36e0b0041e1c90064
                                                                                                                                                                                          • Instruction Fuzzy Hash: DF5134B074030D8FEB648F24C955E2D73EAEF55728F254A4AE8169B2C1D774E842CBA1
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06FF52B3 Relevance: .2, Instructions: 155COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 1208 6ff52b3-6ff52b7 1252 6ff52ba call 6ef0baf 1208->1252 1253 6ff52ba call 6ef0b1f 1208->1253 1254 6ff52ba call 6ef08ff 1208->1254 1255 6ff52ba call 6ef0ccf 1208->1255 1256 6ff52ba call 6ef0ac7 1208->1256 1257 6ff52ba call 6ef0d47 1208->1257 1258 6ff52ba call 6ef0f57 1208->1258 1259 6ff52ba call c365bc8 1208->1259 1260 6ff52ba call c365929 1208->1260 1261 6ff52ba call c365b29 1208->1261 1209 6ff52bc-6ff52df 1211 6ff52ed-6ff52f3 1209->1211 1212 6ff52e5-6ff52e8 1209->1212 1214 6ff52f9 1211->1214 1215 6ff56a7-6ff56b2 1211->1215 1213 6ff52fe 1212->1213 1216 6ff5304-6ff5305 1213->1216 1217 6ff54d2-6ff54d5 1213->1217 1214->1213 1229 6ff5782-6ff5785 1215->1229 1219 6ff530b-6ff5318 1216->1219 1220 6ff51d0-6ff51d4 1216->1220 1218 6ff54d7-6ff54dd 1217->1218 1219->1217 1219->1218 1222 6ff51da-6ff51ea 1220->1222 1223 6ff55b2-6ff55c8 1220->1223 1226 6ff5609-6ff561a 1222->1226 1227 6ff51f0-6ff51f2 1222->1227 1224 6ff55ce-6ff55d4 1223->1224 1225 6ff55d9-6ff55ed 1223->1225 1230 6ff55f2-6ff5604 1224->1230 1225->1230 1226->1217 1236 6ff5620 1226->1236 1227->1217 1231 6ff51f8-6ff5208 1227->1231 1229->1218 1234 6ff520e-6ff5227 1231->1234 1235 6ff5625-6ff5637 1231->1235 1234->1235 1237 6ff522d-6ff525b 1234->1237 1240 6ff563e-6ff5648 1235->1240 1236->1235 1237->1240 1241 6ff5261-6ff5271 1237->1241 1240->1229 1242 6ff564d-6ff5661 1241->1242 1243 6ff5277-6ff527d 1241->1243 1245 6ff567f-6ff568c 1242->1245 1246 6ff5666-6ff567a 1243->1246 1247 6ff5283-6ff528a 1243->1247 1245->1229 1246->1245 1247->1245 1248 6ff5290-6ff52ad 1247->1248 1248->1208 1249 6ff5691-6ff56a2 1248->1249 1249->1208 1252->1209 1253->1209 1254->1209 1255->1209 1256->1209 1257->1209 1258->1209 1259->1209 1260->1209 1261->1209
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2500150164.0000000006FF3000.00000010.00000800.00020000.00000000.sdmp, Offset: 06FF3000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ff3000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: ad41cf74e8d45e9e079171f3b500169a37482db8854c68a06c0f8b42ff0ce873
                                                                                                                                                                                          • Instruction ID: a7b3199a420cad1597727646ae052f232720a28be71859ec083a67f12080d59e
                                                                                                                                                                                          • Opcode Fuzzy Hash: ad41cf74e8d45e9e079171f3b500169a37482db8854c68a06c0f8b42ff0ce873
                                                                                                                                                                                          • Instruction Fuzzy Hash: 35510771E20304DFDB54CF95C892AA9FBB6FF69314F20411AFA16A72A0DB749441CBB1
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0700E800 Relevance: .1, Instructions: 145COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2500176312.0000000006FF7000.00000010.00000800.00020000.00000000.sdmp, Offset: 06FF7000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ff7000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 4bd191de0451efa08c00d447c6608e120c4fe5c5bed662f3556cb91c155f205a
                                                                                                                                                                                          • Instruction ID: bb69ab47a6bf608280ade3daf4c3f914efc2e75de74e4ef432422adad53b93a6
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4bd191de0451efa08c00d447c6608e120c4fe5c5bed662f3556cb91c155f205a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 735180B0A043059BEB54CF58C490BAAFBE1FF88324F20855DE95AAB381D7759D41CFA1
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06FF4800 Relevance: .1, Instructions: 137COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2500150164.0000000006FF3000.00000010.00000800.00020000.00000000.sdmp, Offset: 06FF3000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ff3000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 58d68635b05cd3d4750a212277b5c7280b5926dbcacb07b3116186b3cd671689
                                                                                                                                                                                          • Instruction ID: 8c9743e221e3c479cb056b47ffd0af242711754f5be779f2d7557858235947a5
                                                                                                                                                                                          • Opcode Fuzzy Hash: 58d68635b05cd3d4750a212277b5c7280b5926dbcacb07b3116186b3cd671689
                                                                                                                                                                                          • Instruction Fuzzy Hash: 66412931B103009FDB60CF14C981BA6BBE5EF85720F148159EA55AB3A6C774EC41CBA1
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06FFB0B2 Relevance: .1, Instructions: 126COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2500176312.0000000006FF7000.00000010.00000800.00020000.00000000.sdmp, Offset: 06FF7000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ff7000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 789678072ed21705a11c230c480f654ae59eb46e0fd5ef6ec154eada740fc70f
                                                                                                                                                                                          • Instruction ID: bbc1e7f59ecaab5efe2ab70de106de36268c93262213174281c384a5440bcbfb
                                                                                                                                                                                          • Opcode Fuzzy Hash: 789678072ed21705a11c230c480f654ae59eb46e0fd5ef6ec154eada740fc70f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1E41F4B1A043518BFF658E58C840768B7D3AB85338F1887A9D9668B3C5C777DCA48BC1
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 07000C5D Relevance: .1, Instructions: 111COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2500176312.0000000006FF7000.00000010.00000800.00020000.00000000.sdmp, Offset: 06FF7000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ff7000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 482aff624f93173430289e08868561a744239b7c957ac7e026e565f4c98e1a84
                                                                                                                                                                                          • Instruction ID: 2b580cc387bc4e38f69eb84a6affc0bfcf95cc4b9f65b1c269dea909737e63b5
                                                                                                                                                                                          • Opcode Fuzzy Hash: 482aff624f93173430289e08868561a744239b7c957ac7e026e565f4c98e1a84
                                                                                                                                                                                          • Instruction Fuzzy Hash: D331F6B17503059BFB148B288D52FBBB7EAAB95621F24431AE805A72C1D778E84186B0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06FF4A00 Relevance: .1, Instructions: 101COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2500150164.0000000006FF3000.00000010.00000800.00020000.00000000.sdmp, Offset: 06FF3000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ff3000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 183685c8f32ce7ce697e1a1abce239b0aa8bbb08e94b9524e994b89c4a0beebf
                                                                                                                                                                                          • Instruction ID: f7267c96d35a7890d02c789fb3e8306b812af4c974a95c46f9172bb627c24fce
                                                                                                                                                                                          • Opcode Fuzzy Hash: 183685c8f32ce7ce697e1a1abce239b0aa8bbb08e94b9524e994b89c4a0beebf
                                                                                                                                                                                          • Instruction Fuzzy Hash: AA3103326103019FE704CF54CC91BABB7D5EF85724F208569EB26AB7A2D671EC51CB90
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0C36756D Relevance: .1, Instructions: 100COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2504946450.000000000C360000.00000010.00000800.00020000.00000000.sdmp, Offset: 0C360000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_c360000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 3715c559e881ae55188b5417c8c0d3c9e3f64176aa2044c35204b9fb3b1b2a5a
                                                                                                                                                                                          • Instruction ID: 785d3cdf9e74ce379dbd642627092bd01cc6f196e226b5b4d2afa0c4ab6278d0
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3715c559e881ae55188b5417c8c0d3c9e3f64176aa2044c35204b9fb3b1b2a5a
                                                                                                                                                                                          • Instruction Fuzzy Hash: D131A171A50304ABDB14CB95DC42BADB7E6AB85348F65810AF912BBB94D774A801CF50
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0C360543 Relevance: .1, Instructions: 96COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2504946450.000000000C360000.00000010.00000800.00020000.00000000.sdmp, Offset: 0C360000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_c360000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: a5b176ae5fdf99144941dee232c5640af5952bc6264230153644f4c5cab21438
                                                                                                                                                                                          • Instruction ID: a676539cbc8ebffc3d99b64f40a6e46213610ecf5ebf0a1d59268e692c62e02e
                                                                                                                                                                                          • Opcode Fuzzy Hash: a5b176ae5fdf99144941dee232c5640af5952bc6264230153644f4c5cab21438
                                                                                                                                                                                          • Instruction Fuzzy Hash: D431DE70A14311CFDB18CF64C8C2AA9F7B5FB48358F108699DA52ABB46C7709C41CFA5
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06FF4C00 Relevance: .1, Instructions: 74COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2500150164.0000000006FF3000.00000010.00000800.00020000.00000000.sdmp, Offset: 06FF3000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ff3000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 2f84f999ebf0d2c7d71d6ce199301aa5d565318bbaa5251f6e957949ad5f9048
                                                                                                                                                                                          • Instruction ID: b2d07085a804bd1faa4c606720cebd11555d40bc069d3770cea6adc67131b6e0
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2f84f999ebf0d2c7d71d6ce199301aa5d565318bbaa5251f6e957949ad5f9048
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5D21F830A143009FEB50CB58CC82BA6B7D4FF04724F100558EB569B7A1DBB09C64C7A2
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0C367578 Relevance: .1, Instructions: 71COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2504946450.000000000C360000.00000010.00000800.00020000.00000000.sdmp, Offset: 0C360000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_c360000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: c9bbd4820e6ae4664ebfbd800e3f49cbb43c340f242df142d308ae8d925310d6
                                                                                                                                                                                          • Instruction ID: 9b938296a4d64fe20b31c772194180151d651403b93f6365e284a2220bd3b39e
                                                                                                                                                                                          • Opcode Fuzzy Hash: c9bbd4820e6ae4664ebfbd800e3f49cbb43c340f242df142d308ae8d925310d6
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5621B030B10208AFDB14CF99C851BADB7F6AF85348F158159E956AB794D770EC02CF40
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06FF1300 Relevance: .1, Instructions: 69COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2500121347.0000000006FF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ff0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 7e22a89a09fe9e0d96d3c4f1867a77879b4748bc8cf0d75d9cdf4066cd88d18b
                                                                                                                                                                                          • Instruction ID: 7fc264aad9ebe385efeb90f06ddcfb6b741e41f04409142a14f881ab256d84c9
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7e22a89a09fe9e0d96d3c4f1867a77879b4748bc8cf0d75d9cdf4066cd88d18b
                                                                                                                                                                                          • Instruction Fuzzy Hash: B6212671A042059FDB14CF04CC429AEF7E6FF89320F108259EA6557B94D770E851CBD2
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0700B800 Relevance: .1, Instructions: 62COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2500176312.0000000006FF7000.00000010.00000800.00020000.00000000.sdmp, Offset: 06FF7000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ff7000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 365a0c24832365d7c9e3580d36a4fcfdde38bd0d5478179c3e926bce8e449bb2
                                                                                                                                                                                          • Instruction ID: 4c79df003cd957f62fe09ee2181a3360464a68793123f57f37046b2e096c0dc7
                                                                                                                                                                                          • Opcode Fuzzy Hash: 365a0c24832365d7c9e3580d36a4fcfdde38bd0d5478179c3e926bce8e449bb2
                                                                                                                                                                                          • Instruction Fuzzy Hash: 231106B1A042059FEB04CF14CC416AAB7D2FF49320F14865CE9655B794D630DD51C7D2
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06FF546E Relevance: .0, Instructions: 40COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2500150164.0000000006FF3000.00000010.00000800.00020000.00000000.sdmp, Offset: 06FF3000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ff3000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: a5498bd57b65b36e59f028c79de9acb20081a0ec9afc8e1ec2ba97a9eaf68246
                                                                                                                                                                                          • Instruction ID: 1cc1c82e19e0700a47817969c9cad9b5db258079c85d7528e532aa664a2561d8
                                                                                                                                                                                          • Opcode Fuzzy Hash: a5498bd57b65b36e59f028c79de9acb20081a0ec9afc8e1ec2ba97a9eaf68246
                                                                                                                                                                                          • Instruction Fuzzy Hash: 03F0C832E203089F9F40CB949C558EEF379FFA8125F110506EE01B3220C734E81086A1
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0C365B29 Relevance: .0, Instructions: 40COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2504946450.000000000C360000.00000010.00000800.00020000.00000000.sdmp, Offset: 0C360000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_c360000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: b75c1cc5842ef3634568aae4b9ddc2966115703cc38a2a88394f545861e0cefe
                                                                                                                                                                                          • Instruction ID: 3e3a0795badb6aafdce0f2d465da80f390bda6c6a4273c2774c72e253db66d77
                                                                                                                                                                                          • Opcode Fuzzy Hash: b75c1cc5842ef3634568aae4b9ddc2966115703cc38a2a88394f545861e0cefe
                                                                                                                                                                                          • Instruction Fuzzy Hash: C901AD76A043169FD700CF08D8816A9F7E4FF4A320F14869AE8559B710C330E821CB81
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06FF07E9 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2500121347.0000000006FF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ff0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: bcd543d13294db3362854195c9ede3577a6b4376e4d2db8c1f474c0694626722
                                                                                                                                                                                          • Instruction ID: cc01b91f4e349d289ff8e31bc3143dd3656c5a241aa4f7ffdc5a585907477eed
                                                                                                                                                                                          • Opcode Fuzzy Hash: bcd543d13294db3362854195c9ede3577a6b4376e4d2db8c1f474c0694626722
                                                                                                                                                                                          • Instruction Fuzzy Hash: D6F01D75E68300DFEB754B05C4A4775FAE6AF81309F094459EA1A8B7A2CBB49890C790
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 07000147 Relevance: .0, Instructions: 31COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2500176312.0000000006FF7000.00000010.00000800.00020000.00000000.sdmp, Offset: 06FF7000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ff7000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: a01b27d99ddec3c7fc861ab730e0df67a4113340c878cd61b0481f0985d8df8e
                                                                                                                                                                                          • Instruction ID: ab4ab5d277b86d2a8260e86835c5d7c10fbba6f2622e1a8c9fdddeb34709ee41
                                                                                                                                                                                          • Opcode Fuzzy Hash: a01b27d99ddec3c7fc861ab730e0df67a4113340c878cd61b0481f0985d8df8e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3CF0E5B1780B126BE361C5A8CC92BEB73D86B04620F040621FE15E73C1E7A4DE4047E0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06FF979B Relevance: .0, Instructions: 18COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2500176312.0000000006FF7000.00000010.00000800.00020000.00000000.sdmp, Offset: 06FF7000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ff7000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 535a52ac9bdff42c7c85cbb067ee7c1884b665ea5fac736649a8a91ec833f9f2
                                                                                                                                                                                          • Instruction ID: eb8c76eca803025bc8419b820f05808fcb2e269497b8585ca59eaffcaa56f0cd
                                                                                                                                                                                          • Opcode Fuzzy Hash: 535a52ac9bdff42c7c85cbb067ee7c1884b665ea5fac736649a8a91ec833f9f2
                                                                                                                                                                                          • Instruction Fuzzy Hash: C3D05E32A093098FA745CF58EC465DAF3B4FF46234B10076FED2987211D76248168BD1
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0AEF Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0EE7 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0AE7 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0AFF Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0AF7 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0ACF Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0AC7 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0ADF Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0ED7 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0AD7 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0AB7 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0EB7 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0E8F Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0A87 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0A9F Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0E97 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0A97 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0A67 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0A4F Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0A47 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0A5F Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0A57 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0A2F Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0A27 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0A3F Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0A37 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0A1F Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0A17 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0BEF Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF07EF Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0FE7 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF07FF Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0BFF Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0BF7 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF07F7 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0FCF Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0FDF Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0BDF Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0FD7 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF07D7 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0BAF Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0BA7 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0FA7 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0BB7 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0F87 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0F9F Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0F97 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0B97 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0F7F Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0F77 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0F57 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0B57 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0B2F Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0B27 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0B3F Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0B07 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0B1F Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0F1F Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0B17 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0CEF Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0CE7 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF08E7 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF08FF Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0CF7 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0CCF Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0CC7 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0CDF Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0CBF Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0CB7 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0C9F Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0C6F Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0C7F Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0877 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF084F Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0C4F Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0847 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0C47 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0C5F Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0C57 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0857 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0827 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0C3F Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF083F Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF080F Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0807 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0C07 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0817 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF09EF Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF09FF Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0DAF Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF09A7 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF09BF Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0DBF Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0DB7 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF09B7 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0D8F Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0987 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0D87 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0D97 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0D6F Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0967 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0D7F Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0D77 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0D4F Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0D47 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF092F Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0927 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF090F Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0907 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF091F Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0D1F Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 06EF0917 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2499565354.0000000006EF0000.00000010.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6ef0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction ID: 76d4212ed96f203c8e1145b274125b9544093ffb8bb4eefa2a970e9d08493ba3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f16df3c41056a6e0a9805f3469557b7448be1c30c7dc327ecdb1d7413aa41623
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Non-executed Functions

                                                                                                                                                                                          Function 0071791B Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • IsDebuggerPresent.KERNEL32 ref: 0071FADA
                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0071FAEF
                                                                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(0073D4AC), ref: 0071FAFA
                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(C0000409), ref: 0071FB16
                                                                                                                                                                                          • TerminateProcess.KERNEL32(00000000), ref: 0071FB1D
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2486614554.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2486531799.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2486832212.000000000073C000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2486956314.0000000000764000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487033213.0000000000768000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487128435.0000000000769000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487128435.000000000076D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000000770000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000000816000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.000000000084D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.000000000124D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.00000000018FB000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001A98000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001B9C000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001C1B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001C39000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6c0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2579439406-0
                                                                                                                                                                                          • Opcode ID: 0c322c0d64a6a3bf7af7e362a383d34298f2854bd444df086d1c10e50293fe1c
                                                                                                                                                                                          • Instruction ID: 3f6a3633a29d54b20a8b38400dcc8499397c4e16e43c60c6c51e97f3ec89bbc9
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0c322c0d64a6a3bf7af7e362a383d34298f2854bd444df086d1c10e50293fe1c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4721A0B4801306EFD702EF68F8896443BF4FB59311F10C01AE90AA7261E7FC59829F4A
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00716B09 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 68memorylibraryloaderCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • IsProcessorFeaturePresent.KERNEL32(0000000C,00716BDF,00000000,006CA401,00000000,006F6543,00000000,?,?,006CAE08,000000FD,?,00000000,56000000,00000000,00000000), ref: 00716B0B
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,00000000,?,?,?,006CAE08,000000FD,?,00000000,56000000,00000000,00000000,?,00767C18,?), ref: 00716B24
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,InterlockedPushEntrySList), ref: 00716B3E
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,InterlockedPopEntrySList), ref: 00716B4B
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000008,?,?,006CAE08,000000FD,?,00000000,56000000,00000000,00000000,?,00767C18,?), ref: 00716B7D
                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,?,?,006CAE08,000000FD,?,00000000,56000000,00000000,00000000,?,00767C18,?), ref: 00716B80
                                                                                                                                                                                          • InterlockedCompareExchange.KERNEL32(?,00000000,00000000), ref: 00716B96
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000,?,?,006CAE08,000000FD,?,00000000,56000000,00000000,00000000,?,00767C18,?), ref: 00716BA3
                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,?,?,006CAE08,000000FD,?,00000000,56000000,00000000,00000000,?,00767C18,?), ref: 00716BA6
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2486614554.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2486531799.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2486832212.000000000073C000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2486956314.0000000000764000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487033213.0000000000768000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487128435.0000000000769000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487128435.000000000076D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000000770000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000000816000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.000000000084D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.000000000124D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.00000000018FB000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001A98000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001B9C000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001C1B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001C39000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6c0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Heap$AddressProcProcess$AllocCompareExchangeFeatureFreeInterlockedLibraryLoadPresentProcessor
                                                                                                                                                                                          • String ID: InterlockedPopEntrySList$InterlockedPushEntrySList$kernel32.dll
                                                                                                                                                                                          • API String ID: 3830925854-2586642590
                                                                                                                                                                                          • Opcode ID: e4947be78002925c6f33a4729e4cae42bf856b07fb602decd7f89b35931fd661
                                                                                                                                                                                          • Instruction ID: 8993b6f69a763c12ad46fb3d7a6737ce61174d6a34717d7de138a6120eeae553
                                                                                                                                                                                          • Opcode Fuzzy Hash: e4947be78002925c6f33a4729e4cae42bf856b07fb602decd7f89b35931fd661
                                                                                                                                                                                          • Instruction Fuzzy Hash: DB1190F2600204AFEB21DF799C88D563BA8F744742B11C439E502E3251E77C88409F68
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0071BBB0 Relevance: 19.7, APIs: 13, Instructions: 181COMMONLIBRARYCODE
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _malloc.LIBCMT ref: 0071BBC6
                                                                                                                                                                                            • Part of subcall function 00718F12: __FF_MSGBANNER.LIBCMT ref: 00718F35
                                                                                                                                                                                            • Part of subcall function 00718F12: __NMSG_WRITE.LIBCMT ref: 00718F3C
                                                                                                                                                                                            • Part of subcall function 00718F12: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,0071E9E6,00000000,00000001,00000000,?,0072179F,00000018,00759100,0000000C,00721830), ref: 00718F89
                                                                                                                                                                                            • Part of subcall function 0071EB48: __getptd_noexit.LIBCMT ref: 0071EB48
                                                                                                                                                                                          • GetLastError.KERNEL32(?,006CACBE,?,?,00000002,?,006CB0CD), ref: 0071BD2B
                                                                                                                                                                                          • GetLastError.KERNEL32(?,006CACBE,?,?,00000002,?,006CB0CD), ref: 0071BDB8
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2486614554.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2486531799.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2486832212.000000000073C000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2486956314.0000000000764000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487033213.0000000000768000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487128435.0000000000769000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487128435.000000000076D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000000770000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000000816000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.000000000084D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.000000000124D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.00000000018FB000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001A98000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001B9C000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001C1B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001C39000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6c0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorLast$AllocateHeap__getptd_noexit_malloc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 857301886-0
                                                                                                                                                                                          • Opcode ID: bd97803bc62dc4e65e876973b5bc6e768cd3fbe0d12155830a05e73978edea07
                                                                                                                                                                                          • Instruction ID: cfb6b986936374df81bb948844eb2e5ba083218c0e6b20f1fb878124c9c8c894
                                                                                                                                                                                          • Opcode Fuzzy Hash: bd97803bc62dc4e65e876973b5bc6e768cd3fbe0d12155830a05e73978edea07
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8C51E6B1D00625EACF326F7CAC499EE7664EF45360B144525FC95A62D1DB3C8CC08BE5
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0071FD4B Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 47COMMONLIBRARYCODE
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __getptd.LIBCMT ref: 0071FD57
                                                                                                                                                                                            • Part of subcall function 0072050C: __getptd_noexit.LIBCMT ref: 0072050F
                                                                                                                                                                                            • Part of subcall function 0072050C: __amsg_exit.LIBCMT ref: 0072051C
                                                                                                                                                                                          • __amsg_exit.LIBCMT ref: 0071FD77
                                                                                                                                                                                          • __lock.LIBCMT ref: 0071FD87
                                                                                                                                                                                          • InterlockedDecrement.KERNEL32(?), ref: 0071FDA4
                                                                                                                                                                                          • InterlockedIncrement.KERNEL32(04440FE8), ref: 0071FDCF
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2486614554.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2486531799.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2486832212.000000000073C000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2486956314.0000000000764000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487033213.0000000000768000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487128435.0000000000769000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487128435.000000000076D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000000770000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000000816000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.000000000084D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.000000000124D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.00000000018FB000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001A98000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001B9C000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001C1B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001C39000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6c0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                                                                                                          • String ID: (Cv
                                                                                                                                                                                          • API String ID: 4271482742-2871854725
                                                                                                                                                                                          • Opcode ID: 7b469fd6a9e077a43bf4b6727068bc952b2b72b54e9502115aca3819c45bd61f
                                                                                                                                                                                          • Instruction ID: 5c8b335b5c4d5dc8354e6a09fdb6fb89b670facd0df6eeb787ff8f2cc2b92a41
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b469fd6a9e077a43bf4b6727068bc952b2b72b54e9502115aca3819c45bd61f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3301C432A40711EBC715AF6CB819BED7760BF06720F044125E890672D5CB3C99C0CBD5
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0071D0CB Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 31COMMONLIBRARYCODE
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __getptd.LIBCMT ref: 0071D0D7
                                                                                                                                                                                            • Part of subcall function 0072050C: __getptd_noexit.LIBCMT ref: 0072050F
                                                                                                                                                                                            • Part of subcall function 0072050C: __amsg_exit.LIBCMT ref: 0072051C
                                                                                                                                                                                          • __getptd.LIBCMT ref: 0071D0EE
                                                                                                                                                                                          • __amsg_exit.LIBCMT ref: 0071D0FC
                                                                                                                                                                                          • __lock.LIBCMT ref: 0071D10C
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2486614554.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2486531799.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2486832212.000000000073C000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2486956314.0000000000764000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487033213.0000000000768000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487128435.0000000000769000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487128435.000000000076D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000000770000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000000816000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.000000000084D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.000000000124D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.00000000018FB000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001A98000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001B9C000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001C1B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001C39000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6c0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                                                                                                                          • String ID: XHv
                                                                                                                                                                                          • API String ID: 3521780317-472430366
                                                                                                                                                                                          • Opcode ID: a36ce62c6a3061bb275f26acad360546b2411f0a0ad716bbccb05395f830dd8b
                                                                                                                                                                                          • Instruction ID: 351d8dd62d5baf254335716c3df9e7105440f73a0bc63944615065e8096fbefe
                                                                                                                                                                                          • Opcode Fuzzy Hash: a36ce62c6a3061bb275f26acad360546b2411f0a0ad716bbccb05395f830dd8b
                                                                                                                                                                                          • Instruction Fuzzy Hash: E0F09032940714EBD731BBBC980BBCE33A1AF04720F218249E441572D2CB7CAC81DE95
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00719021 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 19threadCOMMONLIBRARYCODE
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 00719034
                                                                                                                                                                                            • Part of subcall function 007236B0: __FindPESection.LIBCMT ref: 0072370B
                                                                                                                                                                                          • __getptd_noexit.LIBCMT ref: 00719044
                                                                                                                                                                                          • __freeptd.LIBCMT ref: 0071904E
                                                                                                                                                                                          • ExitThread.KERNEL32 ref: 00719057
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2486614554.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2486531799.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2486832212.000000000073C000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2486956314.0000000000764000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487033213.0000000000768000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487128435.0000000000769000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487128435.000000000076D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000000770000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000000816000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.000000000084D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.000000000124D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.00000000018FB000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001A98000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001B9C000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001C1B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001C39000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6c0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CurrentExitFindImageNonwritableSectionThread__freeptd__getptd_noexit
                                                                                                                                                                                          • String ID: m7r
                                                                                                                                                                                          • API String ID: 3182216644-2437034309
                                                                                                                                                                                          • Opcode ID: 4570701673c3f1927294cefecde3432d843cd8930f29090c0e88a434645f0006
                                                                                                                                                                                          • Instruction ID: af9550aaafebe5bdf01118455b7ddd6993a7f47c9aee1292bc9b6ab3245bbb80
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4570701673c3f1927294cefecde3432d843cd8930f29090c0e88a434645f0006
                                                                                                                                                                                          • Instruction Fuzzy Hash: 78D01230100257AAF7243B69FC1E6563A98AB80726F1540217B04920E2DF7CDCC2C579
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 006CA340 Relevance: 7.6, APIs: 5, Instructions: 67threadCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006CA34F
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(0076A518,?,?,?,006F6566,00000000,?,?,006CAE08,000000FD,?,00000000,56000000), ref: 006CA361
                                                                                                                                                                                            • Part of subcall function 006C69BE: LeaveCriticalSection.KERNEL32(?,00000000,006CB0E4), ref: 006C69C9
                                                                                                                                                                                          • RaiseException.KERNEL32(C0000005,00000001,00000000,00000000,?,?,?,006F6566,00000000,?,?,006CAE08,000000FD,?,00000000,56000000), ref: 006CA38E
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(0076A518,00000000,?,?,?,?,?,?,?,006F6566,00000000,?,?,006CAE08,000000FD,?), ref: 006CA3A7
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006CA3BB
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2486614554.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2486531799.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2486832212.000000000073C000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2486956314.0000000000764000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487033213.0000000000768000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487128435.0000000000769000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487128435.000000000076D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000000770000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000000816000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.000000000084D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.000000000124D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.00000000018FB000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001A98000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001B9C000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001C1B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001C39000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6c0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalSection$CurrentEnterThread$ExceptionLeaveRaise
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3693325965-0
                                                                                                                                                                                          • Opcode ID: 27d04af0ad1b131f0fa4d89d1db8eef4e1e24c43e38aa7afd94d6986cb540729
                                                                                                                                                                                          • Instruction ID: 1c6c0ffdf78ce52be9da9eee9d94333449c34a15a92bd8385c60145cee5f288f
                                                                                                                                                                                          • Opcode Fuzzy Hash: 27d04af0ad1b131f0fa4d89d1db8eef4e1e24c43e38aa7afd94d6986cb540729
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4D21D230A01304ABDB20CFA5DC44BAABBA9EB44705F00801EE847E7351E7B4AC40CB96
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00717DB4 Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMONLIBRARYCODE
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __lock.LIBCMT ref: 00717DD2
                                                                                                                                                                                            • Part of subcall function 00721815: __mtinitlocknum.LIBCMT ref: 0072182B
                                                                                                                                                                                            • Part of subcall function 00721815: __amsg_exit.LIBCMT ref: 00721837
                                                                                                                                                                                            • Part of subcall function 00721815: EnterCriticalSection.KERNEL32(?,?,?,0072238D,00000004,00759120,0000000C,0071EA30,00000000,?,00000000,00000000,00000000,?,007204BE,00000001), ref: 0072183F
                                                                                                                                                                                          • ___sbh_find_block.LIBCMT ref: 00717DDD
                                                                                                                                                                                          • ___sbh_free_block.LIBCMT ref: 00717DEC
                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,00000000,00758C40,0000000C,007217F6,00000000,00759100,0000000C,00721830,00000000,?,?,0072238D,00000004,00759120,0000000C), ref: 00717E1C
                                                                                                                                                                                          • GetLastError.KERNEL32(?,0072238D,00000004,00759120,0000000C,0071EA30,00000000,?,00000000,00000000,00000000,?,007204BE,00000001,00000214), ref: 00717E2D
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2486614554.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2486531799.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2486832212.000000000073C000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2486956314.0000000000764000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487033213.0000000000768000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487128435.0000000000769000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487128435.000000000076D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000000770000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000000816000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.000000000084D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.000000000124D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.00000000018FB000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001A98000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001B9C000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001C1B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001C39000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6c0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2714421763-0
                                                                                                                                                                                          • Opcode ID: a8ea7b087a6008fb1f66364ab97a3b0740b689671542b2241e42c28633b133c6
                                                                                                                                                                                          • Instruction ID: df8eb53293fbd76b69f3a6833c6110f07af33fb60b65e2fc0efae555696e6232
                                                                                                                                                                                          • Opcode Fuzzy Hash: a8ea7b087a6008fb1f66364ab97a3b0740b689671542b2241e42c28633b133c6
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5101F771908315EADB352BB8AC0EBDE3BB4AF00721F104098F401660D2CB3C8DC4CB94
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0071D08D Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 29COMMONLIBRARYCODE
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • ___addlocaleref.LIBCMT ref: 0071D09F
                                                                                                                                                                                            • Part of subcall function 0071CF3F: InterlockedIncrement.KERNEL32(00000000), ref: 0071CF51
                                                                                                                                                                                            • Part of subcall function 0071CF3F: InterlockedIncrement.KERNEL32(?), ref: 0071CF5E
                                                                                                                                                                                            • Part of subcall function 0071CF3F: InterlockedIncrement.KERNEL32(?), ref: 0071CF6B
                                                                                                                                                                                            • Part of subcall function 0071CF3F: InterlockedIncrement.KERNEL32(?), ref: 0071CF78
                                                                                                                                                                                            • Part of subcall function 0071CF3F: InterlockedIncrement.KERNEL32(?), ref: 0071CF85
                                                                                                                                                                                            • Part of subcall function 0071CF3F: InterlockedIncrement.KERNEL32(?), ref: 0071CFA1
                                                                                                                                                                                            • Part of subcall function 0071CF3F: InterlockedIncrement.KERNEL32(?), ref: 0071CFB1
                                                                                                                                                                                            • Part of subcall function 0071CF3F: InterlockedIncrement.KERNEL32(?), ref: 0071CFC7
                                                                                                                                                                                          • ___removelocaleref.LIBCMT ref: 0071D0AA
                                                                                                                                                                                            • Part of subcall function 0071CFCE: InterlockedDecrement.KERNEL32(0071B262), ref: 0071CFE8
                                                                                                                                                                                            • Part of subcall function 0071CFCE: InterlockedDecrement.KERNEL32(8104C283), ref: 0071CFF5
                                                                                                                                                                                            • Part of subcall function 0071CFCE: InterlockedDecrement.KERNEL32(8BE07481), ref: 0071D002
                                                                                                                                                                                            • Part of subcall function 0071CFCE: InterlockedDecrement.KERNEL32(010100E1), ref: 0071D00F
                                                                                                                                                                                            • Part of subcall function 0071CFCE: InterlockedDecrement.KERNEL32(EB322374), ref: 0071D01C
                                                                                                                                                                                            • Part of subcall function 0071CFCE: InterlockedDecrement.KERNEL32(EB322374), ref: 0071D038
                                                                                                                                                                                            • Part of subcall function 0071CFCE: InterlockedDecrement.KERNEL32(74000000), ref: 0071D048
                                                                                                                                                                                            • Part of subcall function 0071CFCE: InterlockedDecrement.KERNEL32(5BFF41D9), ref: 0071D05E
                                                                                                                                                                                          • ___freetlocinfo.LIBCMT ref: 0071D0BE
                                                                                                                                                                                            • Part of subcall function 0071CDF6: ___free_lconv_mon.LIBCMT ref: 0071CE3C
                                                                                                                                                                                            • Part of subcall function 0071CDF6: ___free_lconv_num.LIBCMT ref: 0071CE5D
                                                                                                                                                                                            • Part of subcall function 0071CDF6: ___free_lc_time.LIBCMT ref: 0071CEE2
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2486614554.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2486531799.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2486832212.000000000073C000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2486956314.0000000000764000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487033213.0000000000768000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487128435.0000000000769000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487128435.000000000076D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000000770000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000000816000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.000000000084D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.000000000124D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.00000000018FB000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001A98000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001B9C000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001C1B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001C39000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6c0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Interlocked$DecrementIncrement$___addlocaleref___free_lc_time___free_lconv_mon___free_lconv_num___freetlocinfo___removelocaleref
                                                                                                                                                                                          • String ID: XHv
                                                                                                                                                                                          • API String ID: 467427115-472430366
                                                                                                                                                                                          • Opcode ID: 31d80cb3a96d1b134c8acf6eaaa831caa393c12be698b2986a0788f2b70a1ed7
                                                                                                                                                                                          • Instruction ID: 8e56c922c3f4f300af4872b174984fcf7e30631f6e275f94c0a3acb71d93e148
                                                                                                                                                                                          • Opcode Fuzzy Hash: 31d80cb3a96d1b134c8acf6eaaa831caa393c12be698b2986a0788f2b70a1ed7
                                                                                                                                                                                          • Instruction Fuzzy Hash: D9E08623631921668B36262C64006EA93996F8A721F1B01EAF954A71D4DF2CDCC388D9
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0072EAD1 Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0072EB05
                                                                                                                                                                                          • __isleadbyte_l.LIBCMT ref: 0072EB39
                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000080,00000009,0071828D,?,00000000,00000000,?,?,?,?,0071828D,00000000,?), ref: 0072EB6A
                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000080,00000009,0071828D,00000001,00000000,00000000,?,?,?,?,0071828D,00000000,?), ref: 0072EBD8
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2486614554.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2486531799.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2486832212.000000000073C000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2486956314.0000000000764000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487033213.0000000000768000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487128435.0000000000769000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487128435.000000000076D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000000770000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000000816000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.000000000084D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.000000000124D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.00000000018FB000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001A98000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001B9C000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001C1B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.2487378127.0000000001C39000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6c0000_MiniClient.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3058430110-0
                                                                                                                                                                                          • Opcode ID: 6859b8ad8e408d37c67197c5bcb72ae06c6709693ef1bcd2abb099c5bd23c3f3
                                                                                                                                                                                          • Instruction ID: 17d71769ff56eea859e62c8b6e43d49055d214c5949618813705bb3d6925a556
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6859b8ad8e408d37c67197c5bcb72ae06c6709693ef1bcd2abb099c5bd23c3f3
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2231F071A002A5EFDB21DFA8E884DBE3BB0BF00311F1485A9E4A69B191D335DD80CB50
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%